Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
Adjusting CVSS score: Attack Complexity should be High and User Interaction should be Required because the developer himself has to go to a malicious website in order for the attack to take place. Also, this affects only the development environment and not the actual production, and hence the impact is considered Important at max.
This issue has been addressed in the following products:
  Red Hat build of Quarkus Platform 2.7.6.SP3
Via RHSA-2022:8957 https://access.redhat.com/errata/RHSA-2022:8957
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4116
This issue has been addressed in the following products:
  Red Hat build of Quarkus 2.13.5
Via RHSA-2022:9023 https://access.redhat.com/errata/RHSA-2022:9023