Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1681
HistoryMay 03, 2022 - 2:27 p.m.

(RHSA-2022:1681) Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes

2022-05-0314:27:08
access.redhat.com
70

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.3%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.4.4 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security fixes:

  • Vm2: vulnerable to Sandbox Bypass (CVE-2021-23555)

  • Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

  • Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

  • Node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • Follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

  • Urijs: Authorization Bypass Through User-Controlled Key (CVE-2022-0613)

  • Nconf: Prototype pollution in memory store (CVE-2022-21803)

  • Nats-server: misusing the “dynamically provisioned sandbox accounts” feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)

  • Urijs: Leading white space bypasses protocol validation (CVE-2022-24723)

  • Node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery (CVE-2022-24771)

  • Node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)

  • Node-forge: Signature verification leniency in checking DigestInfo structure (CVE-2022-24773)

  • Cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)

  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

Bug fixes:

  • Failed ClusterDeployment validation errors do not surface through the ClusterPool UI (Bugzilla #1995380)

  • Agents wrong validation failure on failing to fetch image needed for installation (Bugzilla #2008583)

  • Fix catalogsource name (Bugzilla #2038250)

  • When the ocp console operator is disable on the managed cluster, the cluster claims failed to update (Bugzilla #2057761)

  • Multicluster-operators-hub-subscription OOMKilled (Bugzilla #2053308)

  • RHACM 2.4.1 Console becomes unstable and refuses login after one hour (Bugzilla #2061958)

  • RHACM 2.4.4 images (Bugzilla #2077548)

Related

redhat 18
ibm 34
nessus 21
rocky 3
osv 23
oraclelinux 3
almalinux 1
github 10
prion 12
veracode 9
virtuozzo 2
huntr 1
cve 11
cnvd 2
redhatcve 10
mageia 1
debiancve 7
ubuntucve 7
openvas 7
suse 1
gitlab 2
cgr 1
wolfi 1
f5 2
attackerkb 1
hivepro 1
githubexploit 3
thn 1
redos 1
ubuntu 1
fedora 1
broadcom 1
redhat
redhat
(RHSA-2022:1715) Moderate: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes
2022-05-04 21:09:57
(RHSA-2022:1739) Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update
2022-05-05 18:01:19
(RHSA-2022:1535) Important: kpatch-patch security update
2022-04-26 09:53:55
ibm
ibm
Security Bulletin: Node-forge is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
2023-05-08 20:20:36
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 17:28:42
Security Bulletin: IBM MQ Appliance is affected by follow-redirects vulnerabilities (CVE-2022-0155 and CVE-2022-0536)
2022-07-14 15:02:42
nessus
nessus
Rocky Linux 8 : kernel (RLSA-2022:1550)
2022-04-28 00:00:00
RHEL 8 : kpatch-patch (RHSA-2022:1535)
2022-04-27 00:00:00
Rocky Linux 8 : kernel-rt (RLSA-2022:1555)
2022-04-28 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-04-26 13:50:26
kernel security and bug fix update
2022-04-26 13:49:36
.NET Core 3.1 on Rocky Linux 8 bugfix update
2022-04-18 13:16:19
osv
osv
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
oraclelinux
oraclelinux
kernel security and bug fix update
2022-04-27 00:00:00
Unbreakable Enterprise kernel security update
2022-02-28 00:00:00
Unbreakable Enterprise kernel-container security update
2022-02-28 00:00:00
almalinux
almalinux
Important: kernel security and bug fix update
2022-04-26 13:49:36
github
github
Sandbox bypass in vm2
2022-02-12 00:00:38
Leading white space bypasses protocol validation
2022-03-03 19:23:36
Improper Verification of Cryptographic Signature in node-forge
2022-03-18 23:10:28
prion
prion
Improper access control
2022-02-11 20:15:00
Input validation
2022-03-03 21:15:00
Design/Logic Flaw
2022-03-18 14:15:00
veracode
veracode
Arbitrary Code Execution
2022-02-14 10:31:02
Cross-site Scripting (XSS)
2022-03-04 04:13:53
Improper Verification Of Signature
2022-03-21 11:00:54
virtuozzo
virtuozzo
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
huntr
huntr
Protocol/Hostname spoofing via Improper Input Validation
2022-02-27 02:50:37
cve
cve
CVE-2022-24723
2022-03-03 21:15:00
CVE-2021-23555
2022-02-11 20:15:00
CVE-2022-24771
2022-03-18 14:15:00
cnvd
cnvd
Medialize URI.js Input Validation Error Vulnerability (CNVD-2022-19502)
2022-03-04 00:00:00
nconf has unspecified vulnerabilities
2022-04-15 00:00:00
redhatcve
redhatcve
CVE-2022-24723
2022-03-09 16:57:45
CVE-2021-23555
2022-02-14 09:55:25
CVE-2022-24450
2022-02-09 15:45:28
mageia
mageia
Updated nats-server packages fix security vulnerability
2022-06-13 23:44:20
debiancve
debiancve
CVE-2022-24450
2022-02-08 02:15:00
CVE-2022-24771
2022-03-18 14:15:00
CVE-2022-24772
2022-03-18 14:15:00
ubuntucve
ubuntucve
CVE-2022-24723
2022-03-03 00:00:00
CVE-2022-24771
2022-03-18 00:00:00
CVE-2022-24772
2022-03-18 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0225)
2022-06-14 00:00:00
openSUSE: Security Advisory for kubevirt, (openSUSE-SU-2022:0526-1)
2022-02-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0040-1)
2022-01-11 00:00:00
suse
suse
Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (moderate)
2022-02-21 00:00:00
gitlab
gitlab
x/crypto/ssh vulnerable to panic via SSH server
2022-09-07 00:00:00
x/crypto/ssh vulnerable to panic via SSH server
2022-09-07 00:00:00
cgr
cgr
CVE-2021-43565 vulnerabilities
2024-04-24 09:06:08
wolfi
wolfi
CVE-2021-43565 vulnerabilities
2024-04-24 09:07:13
f5
f5
K13559191 : Linux kernel vulnerability CVE-2022-25636
2022-06-09 00:00:00
K37256400 : Linux kernel vulnerability CVE-2021-4028
2022-05-02 00:00:00
attackerkb
attackerkb
CVE-2022-24785
2022-04-04 00:00:00
hivepro
hivepro
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
2022-03-17 15:50:05
githubexploit
githubexploit
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-23 17:49:30
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-03-07 13:38:41
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-05 07:08:09
thn
thn
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
2022-03-14 11:05:00
redos
redos
ROS-20220318-03
2022-03-18 00:00:00
ubuntu
ubuntu
PolicyKit vulnerability
2022-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.3
2022-03-03 15:50:59
broadcom
broadcom
Flaw in polkit
2022-07-29 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.3%

JSON
Related for RHSA-2022:1681
redhat18ibm34nessus21rocky3osv23oraclelinux3almalinux1github10prion12veracode9virtuozzo2huntr1cve11cnvd2redhatcve10mageia1debiancve7ubuntucve7openvas7suse1gitlab2cgr1wolfi1f52attackerkb1hivepro1githubexploit3thn1redos1ubuntu1fedora1broadcom1