Bug 2039403 (CVE-2021-42392)

Summary: CVE-2021-42392 h2: Remote Code Execution in Console
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aboyko, aileenc, akoufoud, alazarot, anstephe, aos-bugs, asoldano, atangrin, bbaranow, bibryam, bmaxwell, bmontgom, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, drieden, eleandro, eparis, eric.wittmann, etirelli, fjuma, ggaughan, gmalinko, hbraun, ibek, iweiss, jangerrit.kootstra, janstey, jburrell, jnethert, jochrist, jokerman, jolee, jpallich, jperkins, jrokos, jschatte, jstastny, jwon, krathod, kverlaen, kwills, lgao, loleary, mnovotny, msochure, msvehla, nstielau, nwallace, pantinor, pdelbell, pdrozd, pjindal, pmackay, rguimara, rrajasek, rstancel, rsvoboda, sd-operator-metering, smaestri, spinder, sponnaga, sthorger, tflannag, theute, tom.jenkinson, tzimanyi, vkumar, yborgess
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: h2 2.0.206 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-22 19:01:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2039404    

Description Guilherme de Almeida Suckevicz 2022-01-11 16:33:43 UTC 
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Reference:
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
Comment 22 errata-xmlrpc 2022-03-22 15:35:16 UTC 
This issue has been addressed in the following products:

  RHINT Camel-Q 2.2.1

Via RHSA-2022:1013 https://access.redhat.com/errata/RHSA-2022:1013
Comment 23 Product Security DevOps Team 2022-03-22 19:01:09 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-42392
Comment 24 errata-xmlrpc 2022-06-06 15:11:53 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2022:4922 https://access.redhat.com/errata/RHSA-2022:4922
Comment 25 errata-xmlrpc 2022-06-06 15:52:09 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2022:4918 https://access.redhat.com/errata/RHSA-2022:4918
Comment 26 errata-xmlrpc 2022-06-06 15:58:31 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2022:4919 https://access.redhat.com/errata/RHSA-2022:4919
Comment 27 errata-xmlrpc 2022-10-04 15:37:41 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.5 for RHEL 7

Via RHSA-2022:6782 https://access.redhat.com/errata/RHSA-2022:6782
Comment 28 errata-xmlrpc 2022-10-04 15:41:34 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.5 for RHEL 8

Via RHSA-2022:6783 https://access.redhat.com/errata/RHSA-2022:6783
Comment 29 errata-xmlrpc 2022-10-04 15:53:27 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2022:6787 https://access.redhat.com/errata/RHSA-2022:6787
Comment 30 ir. Jan Gerrit Kootstra 2022-10-20 20:31:05 UTC 
How to remediate this issue for Ansible Automation Platform, SSO?
Comment 31 errata-xmlrpc 2022-11-03 14:51:21 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2022:7410 https://access.redhat.com/errata/RHSA-2022:7410
Comment 32 errata-xmlrpc 2022-11-03 14:51:39 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2022:7409 https://access.redhat.com/errata/RHSA-2022:7409
Comment 33 errata-xmlrpc 2022-11-03 14:52:27 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2022:7411 https://access.redhat.com/errata/RHSA-2022:7411
Comment 34 errata-xmlrpc 2022-11-03 15:15:03 UTC 
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6.1

Via RHSA-2022:7417 https://access.redhat.com/errata/RHSA-2022:7417
Comment 36 errata-xmlrpc 2025-02-24 00:08:46 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7

Via RHSA-2025:1747 https://access.redhat.com/errata/RHSA-2025:1747