Bug 2039403 (CVE-2021-42392) - CVE-2021-42392 h2: Remote Code Execution in Console
Summary: CVE-2021-42392 h2: Remote Code Execution in Console
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-42392
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2039404
TreeView+ depends on / blocked
 
Reported: 2022-01-11 16:33 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-11-03 15:15 UTC (History)
73 users (show)

Fixed In Version: h2 2.0.206
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
Clone Of:
Environment:
Last Closed: 2022-03-22 19:01:13 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1013 0 None None None 2022-03-22 15:35:21 UTC
Red Hat Product Errata RHSA-2022:4918 0 None None None 2022-06-06 15:52:14 UTC
Red Hat Product Errata RHSA-2022:4919 0 None None None 2022-06-06 15:58:36 UTC
Red Hat Product Errata RHSA-2022:4922 0 None None None 2022-06-06 15:11:57 UTC
Red Hat Product Errata RHSA-2022:6782 0 None None None 2022-10-04 15:37:47 UTC
Red Hat Product Errata RHSA-2022:6783 0 None None None 2022-10-04 15:41:39 UTC
Red Hat Product Errata RHSA-2022:6787 0 None None None 2022-10-04 15:53:33 UTC
Red Hat Product Errata RHSA-2022:7409 0 None None None 2022-11-03 14:51:43 UTC
Red Hat Product Errata RHSA-2022:7410 0 None None None 2022-11-03 14:51:25 UTC
Red Hat Product Errata RHSA-2022:7411 0 None None None 2022-11-03 14:52:30 UTC
Red Hat Product Errata RHSA-2022:7417 0 None None None 2022-11-03 15:15:06 UTC

Description Guilherme de Almeida Suckevicz 2022-01-11 16:33:43 UTC
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Reference:
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6

Comment 22 errata-xmlrpc 2022-03-22 15:35:16 UTC
This issue has been addressed in the following products:

  RHINT Camel-Q 2.2.1

Via RHSA-2022:1013 https://access.redhat.com/errata/RHSA-2022:1013

Comment 23 Product Security DevOps Team 2022-03-22 19:01:09 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-42392

Comment 24 errata-xmlrpc 2022-06-06 15:11:53 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2022:4922 https://access.redhat.com/errata/RHSA-2022:4922

Comment 25 errata-xmlrpc 2022-06-06 15:52:09 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2022:4918 https://access.redhat.com/errata/RHSA-2022:4918

Comment 26 errata-xmlrpc 2022-06-06 15:58:31 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2022:4919 https://access.redhat.com/errata/RHSA-2022:4919

Comment 27 errata-xmlrpc 2022-10-04 15:37:41 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.5 for RHEL 7

Via RHSA-2022:6782 https://access.redhat.com/errata/RHSA-2022:6782

Comment 28 errata-xmlrpc 2022-10-04 15:41:34 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.5 for RHEL 8

Via RHSA-2022:6783 https://access.redhat.com/errata/RHSA-2022:6783

Comment 29 errata-xmlrpc 2022-10-04 15:53:27 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2022:6787 https://access.redhat.com/errata/RHSA-2022:6787

Comment 30 ir. Jan Gerrit Kootstra 2022-10-20 20:31:05 UTC
How to remediate this issue for Ansible Automation Platform, SSO?

Comment 31 errata-xmlrpc 2022-11-03 14:51:21 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2022:7410 https://access.redhat.com/errata/RHSA-2022:7410

Comment 32 errata-xmlrpc 2022-11-03 14:51:39 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2022:7409 https://access.redhat.com/errata/RHSA-2022:7409

Comment 33 errata-xmlrpc 2022-11-03 14:52:27 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2022:7411 https://access.redhat.com/errata/RHSA-2022:7411

Comment 34 errata-xmlrpc 2022-11-03 15:15:03 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6.1

Via RHSA-2022:7417 https://access.redhat.com/errata/RHSA-2022:7417


Note You need to log in before you can comment on or make changes to this bug.