Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:3207
HistoryAug 18, 2021 - 9:50 a.m.

(RHSA-2021:3207) Moderate: Red Hat Integration Camel Quarkus Tech-Preview 2 security update

2021-08-1809:50:40
access.redhat.com
33

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.828 High

EPSS

Percentile

98.4%

JSON

This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)

  • californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)

  • undertow: special character in query results in server errors (CVE-2020-27782)

  • activemq: improper authentication allows MITM attack (CVE-2020-13920)

  • flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)

  • groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)

  • kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)

  • kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 16
prion 8
cve 8
redhatcve 8
osv 17
nuclei 1
veracode 8
github 7
githubexploit 3
nessus 12
ibm 16
freebsd 1
ubuntucve 4
debian 2
debiancve 4
openvas 3
suse 1
archlinux 1
checkpoint_advisories 1
jetbrains 1
oracle 13
redhat
redhat
(RHSA-2021:3205) Moderate: Red Hat Integration Camel-K 1.4 release and security update
2021-08-18 09:09:40
(RHSA-2021:1004) Moderate: Red Hat build of Quarkus 1.11.6 release and security update
2021-03-29 11:07:57
(RHSA-2021:1006) Moderate: OpenShift Container Platform 4.7.5 security and bug fix update
2021-04-05 12:52:40
prion
prion
Design/Logic Flaw
2020-11-25 00:15:00
Code injection
2021-02-03 16:15:00
Design/Logic Flaw
2021-01-05 12:15:00
cve
cve
CVE-2020-26238
2020-11-25 00:15:00
CVE-2020-17518
2021-01-05 12:15:00
CVE-2020-27222
2021-02-03 16:15:00
redhatcve
redhatcve
CVE-2020-26238
2020-11-25 18:22:07
CVE-2020-27222
2021-03-01 13:33:27
CVE-2020-13920
2020-09-17 17:30:08
osv
osv
CVE-2020-26238
2020-11-25 00:15:10
Template injection in cron-utils
2020-11-24 23:48:38
CVE-2020-17518
2021-01-05 12:15:12
nuclei
nuclei
Apache Flink 1.5.1 - Local File Inclusion
2021-01-06 17:38:45
veracode
veracode
Denial Of Service (DoS)
2021-02-04 06:07:28
Template Injection
2020-12-04 00:52:43
Arbitrary File Write
2021-01-06 06:15:02
github
github
Template injection in cron-utils
2020-11-24 23:48:38
Upload of file to arbitrary path in Apache Flink
2022-02-09 22:29:52
Information Disclosure in Apache Groovy
2020-12-09 19:03:03
githubexploit
githubexploit
Exploit for Path Traversal in Apache Flink
2021-01-06 13:40:06
Exploit for Path Traversal in Apache Flink
2021-01-10 15:06:40
Exploit for Path Traversal in Apache Flink
2021-01-10 01:12:45
nessus
nessus
FreeBSD : nexus2-oss -- Apache ActiveMQ JMX vulnerability (730e922f-20e7-11ec-a574-080027eedc6a)
2021-10-01 00:00:00
openSUSE Security Update : groovy (openSUSE-2020-2367)
2021-01-25 00:00:00
Debian DLA-2400-1 : activemq security update
2020-10-08 00:00:00
ibm
ibm
Security Bulletin: Apache ActiveMQ Vulnerability Affects IBM Control Center (CVE-2020-13920)
2021-01-15 22:23:56
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Sterling Secure Proxy (CVE-2020-13920)
2021-01-08 23:05:42
Security Bulletin: CVE-2020-17521 Apache Groovy's provided extension methods to aid with creating temporary directories was using a now superseded Java JDK method call that is potentiallly not secure in some situations.
2021-09-01 20:04:01
freebsd
freebsd
nexus2-oss -- Apache ActiveMQ JMX vulnerability
2020-12-28 00:00:00
ubuntucve
ubuntucve
CVE-2020-13920
2020-09-10 00:00:00
CVE-2020-29582
2021-02-03 00:00:00
CVE-2020-17521
2020-12-07 00:00:00
debian
debian
[SECURITY] [DLA 2400-1] activemq security update
2020-10-07 22:41:28
[SECURITY] [DLA 3657-1] activemq security update
2023-11-20 21:14:23
debiancve
debiancve
CVE-2020-13920
2020-09-10 19:15:00
CVE-2020-17521
2020-12-07 20:15:00
CVE-2020-29582
2021-02-03 16:15:00
openvas
openvas
Debian: Security Advisory (DLA-2400-1)
2020-10-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3917-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-3657-1)
2023-11-21 00:00:00
suse
suse
Security update for groovy (moderate)
2020-12-31 00:00:00
archlinux
archlinux
[ASA-202103-14] groovy: privilege escalation
2021-03-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Flink Directory Traversal (CVE-2020-17518; CVE-2020-17519)
2021-01-17 00:00:00
jetbrains
jetbrains
JetBrains Security Bulletin Q4 2020
2021-02-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.828 High

EPSS

Percentile

98.4%

JSON
Related for RHSA-2021:3207
redhat16prion8cve8redhatcve8osv17nuclei1veracode8github7githubexploit3nessus12ibm16freebsd1ubuntucve4debian2debiancve4openvas3suse1archlinux1checkpoint_advisories1jetbrains1oracle13