Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:4623
HistoryMay 18, 2022 - 10:52 a.m.

(RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update

2022-05-1810:52:45
access.redhat.com
57

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

  • gradle: information disclosure through temporary directory permissions (CVE-2021-29429)

  • gradle: repository content filters do not work in Settings pluginManagement (CVE-2021-29427)

  • gradle: local privilege escalation through system temporary director (CVE-2021-29428)

  • smallrye-health-ui: persistent cross-site scripting in endpoint (CVE-2021-3914)

  • Quarkus Resteasy component may return Resteasy implementation details

  • netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

  • jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)

  • mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)

  • quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

debiancve 7
nessus 32
osv 25
alpinelinux 4
ubuntucve 7
prion 9
cve 9
redhatcve 9
f5 2
githubexploit 1
veracode 6
ibm 36
wolfi 2
cgr 2
github 6
cbl_mariner 2
cnvd 1
suse 3
atlassian 2
debian 5
fedora 1
redhat 25
ubuntu 2
rocky 1
debiancve
debiancve
CVE-2021-29429
2021-04-12 22:15:00
CVE-2021-29428
2021-04-13 20:15:00
CVE-2021-29427
2021-04-13 20:15:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)
2023-04-18 00:00:00
EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-1946)
2022-06-22 00:00:00
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14753)
2024-01-11 00:00:00
osv
osv
CVE-2021-29429
2021-04-12 22:15:13
CVE-2021-29428
2021-04-13 20:15:21
BIT-gradle-2021-29428
2024-03-06 10:54:54
alpinelinux
alpinelinux
CVE-2021-29428
2021-04-13 20:15:00
CVE-2021-29429
2021-04-12 22:15:00
CVE-2021-29427
2021-04-13 20:15:00
ubuntucve
ubuntucve
CVE-2021-29428
2021-04-13 00:00:00
CVE-2021-29429
2021-04-12 00:00:00
CVE-2021-29427
2021-04-13 00:00:00
prion
prion
Design/Logic Flaw
2021-04-13 20:15:00
Information disclosure
2021-04-12 22:15:00
Directory traversal
2021-04-13 20:15:00
cve
cve
CVE-2021-29429
2021-04-12 22:15:00
CVE-2021-29427
2021-04-13 20:15:00
CVE-2021-29428
2021-04-13 20:15:00
redhatcve
redhatcve
CVE-2021-29429
2021-04-14 17:39:30
CVE-2021-29427
2021-04-14 17:39:25
CVE-2021-29428
2021-04-14 18:09:28
f5
f5
K69124112 : PostgreSQL JDBC vulnerability CVE-2022-21724
2022-04-29 00:00:00
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
veracode
veracode
Denial Of Service (DoS)
2022-06-01 09:52:03
Denial Of Service (DoS)
2022-01-10 05:41:50
Remote Code Execution (RCE)
2022-02-03 08:33:39
ibm
ibm
Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)
2022-11-07 11:28:53
Security Bulletin: A vulnerability in PostgreSQL JDBC Driver (PgJDBC) affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-21724)
2023-01-12 21:59:00
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Google Protocol Buffers
2022-04-27 14:52:22
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-04-20 09:09:23
CVE-2022-21724 vulnerabilities
2024-04-20 09:09:23
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-04-20 09:12:08
CVE-2022-21724 vulnerabilities
2024-04-20 09:12:08
github
github
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
2022-02-02 00:04:20
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
2022-07-21 22:35:12
HTTP request smuggling in netty
2021-12-09 19:09:17
cbl_mariner
cbl_mariner
CVE-2022-21363 affecting package mysql 8.0.27-2
2022-02-08 03:14:35
CVE-2022-21363 affecting package mysql 8.0.24-1
2022-04-09 06:53:03
cnvd
cnvd
Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)
2022-01-26 00:00:00
suse
suse
Security update for netty3 (moderate)
2022-06-13 00:00:00
Security update for protobuf (important)
2022-11-09 00:00:00
Security update for netty (important)
2022-04-20 00:00:00
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
2022-04-20 20:14:01
debian
debian
[SECURITY] [DLA 3018-1] libpgjava security update
2022-05-20 20:43:57
[SECURITY] [DSA 5196-1] libpgjava security update
2022-07-31 11:22:59
[SECURITY] [DLA 3393-1] protobuf security update
2023-04-18 07:12:21
fedora
fedora
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.25-1.fc35
2022-04-14 16:07:47
redhat
redhat
(RHSA-2022:1345) Moderate: Red Hat AMQ Streams 2.1.0 release and security update
2022-04-13 11:23:09
(RHSA-2022:7896) Moderate: Red Hat Integration Debezium 1.9.7 security update
2022-11-09 13:46:18
(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]
2022-10-06 12:24:42
ubuntu
ubuntu
Protocol Buffers vulnerabilities
2023-03-13 00:00:00
Netty vulnerabilities
2023-04-28 00:00:00
rocky
rocky
Satellite 6.11 Release
2022-07-05 13:55:16

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON
Related for RHSA-2022:4623
debiancve7nessus32osv25alpinelinux4ubuntucve7prion9cve9redhatcve9f52githubexploit1veracode6ibm36wolfi2cgr2github6cbl_mariner2cnvd1suse3atlassian2debian5fedora1redhat25ubuntu2rocky1