Bug 2143416 (CVE-2022-4039)
Summary: | CVE-2022-4039 rhsso-container-image: unsecured management interface exposed to adjacent network | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Chess Hazlett <chazlett> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | boliveir, chazlett, drichtar, jlieskov, pdrozd, pjindal, pskopek, rowaters, security-response-team, sthorger |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Red Hat Single Sign-On 7.6.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-03-21 20:02:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2143042 |
Description
Chess Hazlett
2022-11-16 21:33:13 UTC
This issue has been addressed in the following products:

RHEL-8 based Middleware Containers

Via RHSA-2023:1047 https://access.redhat.com/errata/RHSA-2023:1047

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-4039