Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:1715
HistoryMay 04, 2022 - 9:09 p.m.

(RHSA-2022:1715) Moderate: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes

2022-05-0421:09:57
access.redhat.com
42

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.107 Low

EPSS

Percentile

95.0%

JSON

Red Hat Advanced Cluster Management for Kubernetes 2.3.10 images

Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs. See the following
Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security updates:

  • Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

  • Node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • Follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

  • Urijs: Authorization Bypass Through User-Controlled Key (CVE-2022-0613)

  • Urijs: Leading white space bypasses protocol validation (CVE-2022-24723)

  • Nconf: Prototype pollution in memory store (CVE-2022-21803)

  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

Bug fixes:

  • RHACM 2.3.10 images

Related

redhat 29
nessus 39
rocky 5
osv 13
oraclelinux 5
almalinux 2
ibm 20
virtuozzo 3
prion 8
huntr 1
cve 8
cnvd 3
redhatcve 7
github 5
veracode 5
ubuntucve 7
f5 2
debiancve 5
hivepro 1
githubexploit 3
thn 1
attackerkb 1
broadcom 2
openvas 13
fedora 3
slackware 1
redos 1
ubuntu 1
altlinux 1
mageia 1
cbl_mariner 1
suse 2
redhat
redhat
(RHSA-2022:1681) Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
2022-05-03 14:27:08
(RHSA-2022:4896) Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
2022-06-02 12:21:19
(RHSA-2022:1555) Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
nessus
nessus
RHEL 8 : Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0] (Important) (RHSA-2022:4896)
2022-06-03 00:00:00
Rocky Linux 8 : kernel-rt (RLSA-2022:1555)
2022-04-28 00:00:00
RHEL 8 : kernel (RHSA-2022:1550)
2022-04-27 00:00:00
rocky
rocky
kernel security and bug fix update
2022-04-26 13:49:36
kernel-rt security and bug fix update
2022-04-26 13:50:26
.NET Core 3.1 on Rocky Linux 8 bugfix update
2022-04-18 13:16:19
osv
osv
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
Important: kernel security and bug fix update
2022-04-26 13:49:36
oraclelinux
oraclelinux
kernel security and bug fix update
2022-04-27 00:00:00
kernel security, bug fix, and enhancement update
2022-04-06 00:00:00
Unbreakable Enterprise kernel security update
2022-02-28 00:00:00
almalinux
almalinux
Important: kernel security and bug fix update
2022-04-26 13:49:36
Moderate: polkit security update
2022-04-26 13:49:20
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by follow-redirects vulnerabilities (CVE-2022-0155 and CVE-2022-0536)
2022-07-14 15:02:42
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2022-0155 & CVE-2022-0536)
2022-05-12 15:35:26
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js follow-redirects module information disclosure vulnerabilities (CVE-2022-0536, CVE-2022-0155)
2023-02-07 21:34:20
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 140.0 for Virtuozzo Hybrid Server 7.0, 7.5
2022-04-15 00:00:00
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
prion
prion
Input validation
2022-03-03 21:15:00
Design/Logic Flaw
2022-04-12 16:15:00
Path traversal
2022-04-04 17:15:00
huntr
huntr
Protocol/Hostname spoofing via Improper Input Validation
2022-02-27 02:50:37
cve
cve
CVE-2022-24723
2022-03-03 21:15:00
CVE-2022-21803
2022-04-12 16:15:00
CVE-2022-25636
2022-02-24 15:15:00
cnvd
cnvd
Medialize URI.js Input Validation Error Vulnerability (CNVD-2022-19502)
2022-03-04 00:00:00
nconf has unspecified vulnerabilities
2022-04-15 00:00:00
Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)
2022-02-24 00:00:00
redhatcve
redhatcve
CVE-2022-24723
2022-03-09 16:57:45
CVE-2022-21803
2022-04-12 20:00:53
CVE-2022-25636
2022-02-22 07:50:41
github
github
Leading white space bypasses protocol validation
2022-03-03 19:23:36
Prototype Pollution in nconf
2022-04-13 00:00:30
Path Traversal: 'dir/../../filename' in moment.locale
2022-04-04 21:25:48
veracode
veracode
Cross-site Scripting (XSS)
2022-03-04 04:13:53
Prototype Pollution
2022-04-13 03:18:28
Path Traversal
2022-04-05 05:27:19
ubuntucve
ubuntucve
CVE-2022-24723
2022-03-03 00:00:00
CVE-2022-25636
2022-02-22 00:00:00
CVE-2022-24785
2022-04-04 00:00:00
f5
f5
K13559191 : Linux kernel vulnerability CVE-2022-25636
2022-06-09 00:00:00
K37256400 : Linux kernel vulnerability CVE-2021-4028
2022-05-02 00:00:00
debiancve
debiancve
CVE-2022-24785
2022-04-04 17:15:00
CVE-2022-25636
2022-02-24 15:15:00
CVE-2022-0536
2022-02-09 11:15:00
hivepro
hivepro
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
2022-03-17 15:50:05
githubexploit
githubexploit
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-03-07 13:38:41
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-05 07:08:09
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-23 17:49:30
thn
thn
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
2022-03-14 11:05:00
attackerkb
attackerkb
CVE-2022-24785
2022-04-04 00:00:00
broadcom
broadcom
Flaw in polkit
2022-07-29 00:00:00
Flaw in polkit
2022-07-29 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2187)
2022-08-01 00:00:00
Slackware: Security Advisory (SSA:2022-071-01)
2022-04-21 00:00:00
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-1813)
2022-06-07 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: polkit-0.120-1.fc35.2
2022-02-19 01:32:59
[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.3
2022-03-03 15:50:59
[SECURITY] Fedora 35 Update: nodejs-bash-language-server-2.0.0-2.fc35
2022-02-25 16:53:15
slackware
slackware
[slackware-security] polkit
2022-03-12 21:04:57
redos
redos
ROS-20220318-03
2022-03-18 00:00:00
ubuntu
ubuntu
PolicyKit vulnerability
2022-02-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package polkit version 0.120-alt1.qa2
2022-05-06 00:00:00
mageia
mageia
Updated polkit packages fix security vulnerability
2022-02-22 23:15:16
cbl_mariner
cbl_mariner
CVE-2022-1154 affecting package vim 8.2.4233-1
2022-04-26 20:17:05
suse
suse
Security update for polkit (moderate)
2022-02-21 00:00:00
Security update for haproxy (moderate)
2022-07-06 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.107 Low

EPSS

Percentile

95.0%

JSON
Related for RHSA-2022:1715
redhat29nessus39rocky5osv13oraclelinux5almalinux2ibm20virtuozzo3prion8huntr1cve8cnvd3redhatcve7github5veracode5ubuntucve7f52debiancve5hivepro1githubexploit3thn1attackerkb1broadcom2openvas13fedora3slackware1redos1ubuntu1altlinux1mageia1cbl_mariner1suse2