When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6703 https://access.redhat.com/errata/RHSA-2022:6703
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6701 https://access.redhat.com/errata/RHSA-2022:6701
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6700 https://access.redhat.com/errata/RHSA-2022:6700
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6702 https://access.redhat.com/errata/RHSA-2022:6702
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6713 https://access.redhat.com/errata/RHSA-2022:6713
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6707 https://access.redhat.com/errata/RHSA-2022:6707
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6710 https://access.redhat.com/errata/RHSA-2022:6710
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6711 https://access.redhat.com/errata/RHSA-2022:6711
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6708 https://access.redhat.com/errata/RHSA-2022:6708
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6716 https://access.redhat.com/errata/RHSA-2022:6716
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6715 https://access.redhat.com/errata/RHSA-2022:6715
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6717 https://access.redhat.com/errata/RHSA-2022:6717
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-40956