Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:6835
HistoryOct 06, 2022 - 12:24 p.m.

(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]

2022-10-0612:24:42
access.redhat.com
25

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON

This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes.

Security Fix(es):

  • cron-utils: template Injection leading to unauthenticated Remote Code Execution (CVE-2021-41269)

  • prismjs: improperly escaped output allows a XSS (CVE-2022-23647)

  • snakeyaml: Denial of Service due missing to nested depth limitation for collections (CVE-2022-25857)

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

  • quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)

  • quarkus-jdbc-postgresql-deployment: jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)

  • netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

  • netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)

  • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

  • jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)

  • node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery (CVE-2022-24771)

  • node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)

  • node-forge: Signature verification leniency in checking DigestInfo structure (CVE-2022-24773)

  • com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

  • terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)

  • graphql-java: DoS by malicious query (CVE-2022-37734)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 47
redhat 10
osv 30
debian 3
openvas 8
nessus 9
veracode 14
redhatcve 12
prion 12
github 13
cve 12
debiancve 9
ubuntucve 9
suse 2
f5 2
githubexploit 1
wolfi 1
cgr 1
alpinelinux 1
atlassian 2
oraclelinux 1
ibm
ibm
Security Bulletin: Node-forge is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
2023-05-08 20:20:36
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 17:28:42
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Netty (CVE-2021-37136, CVE-2021-37137)
2023-02-01 15:51:44
redhat
redhat
(RHSA-2021:3959) Moderate: Red Hat build of Eclipse Vert.x 4.1.5 security update
2021-11-10 16:37:03
(RHSA-2021:4851) Low: Red Hat AMQ Broker 7.9.1 release and security update
2021-11-30 08:40:21
(RHSA-2022:1739) Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update
2022-05-05 18:01:19
osv
osv
libpgjava - security update
2022-07-31 00:00:00
Critical vulnerability found in cron-utils
2021-11-15 23:27:11
CVE-2021-41269
2021-11-15 21:15:07
debian
debian
[SECURITY] [DSA 5196-1] libpgjava security update
2022-07-31 11:22:59
[SECURITY] [DLA 3268-1] netty security update
2023-01-11 22:57:14
[SECURITY] [DSA 5316-1] netty security update
2023-01-11 22:38:12
openvas
openvas
Debian: Security Advisory (DSA-5196-1)
2022-08-01 00:00:00
Debian: Security Advisory (DLA-3268-1)
2023-01-12 00:00:00
Debian: Security Advisory (DLA-3018-1)
2022-05-21 00:00:00
nessus
nessus
Debian DSA-5196-1 : libpgjava - security update
2022-07-31 00:00:00
SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2022:2655-1)
2022-08-04 00:00:00
EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-1946)
2022-06-22 00:00:00
veracode
veracode
Template Injection
2021-11-16 03:47:31
Regular Expression Denial Of Service (ReDoS)
2022-07-18 13:11:39
Arbitrary File Write
2022-10-05 22:31:26
redhatcve
redhatcve
CVE-2021-41269
2021-11-18 15:03:35
CVE-2022-24771
2022-03-23 21:03:33
CVE-2021-22569
2022-01-12 23:32:15
prion
prion
Cross site scripting
2022-02-18 15:15:00
Remote code execution
2021-11-15 21:15:00
Design/Logic Flaw
2022-03-18 14:15:00
github
github
Critical vulnerability found in cron-utils
2021-11-15 23:27:11
Improper Verification of Cryptographic Signature in node-forge
2022-03-18 23:10:28
Path traversal in org.postgresql:postgresql
2022-03-11 00:02:02
cve
cve
CVE-2021-41269
2021-11-15 21:15:00
CVE-2022-24771
2022-03-18 14:15:00
CVE-2022-26520
2022-03-10 17:47:00
debiancve
debiancve
CVE-2022-26520
2022-03-10 17:47:00
CVE-2022-25858
2022-07-15 20:15:00
CVE-2022-24771
2022-03-18 14:15:00
ubuntucve
ubuntucve
CVE-2021-22569
2022-01-10 00:00:00
CVE-2022-23647
2022-02-18 00:00:00
CVE-2022-24771
2022-03-18 00:00:00
suse
suse
Security update for netty (important)
2022-04-20 00:00:00
Security update for postgresql-jdbc (moderate)
2022-08-03 00:00:00
f5
f5
K69124112 : PostgreSQL JDBC vulnerability CVE-2022-21724
2022-04-29 00:00:00
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-05-05 09:06:28
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-05-05 09:06:28
alpinelinux
alpinelinux
CVE-2022-21724
2022-02-02 12:15:00
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
2022-04-20 20:14:01
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.2%

JSON
Related for RHSA-2022:6835
ibm47redhat10osv30debian3openvas8nessus9veracode14redhatcve12prion12github13cve12debiancve9ubuntucve9suse2f52githubexploit1wolfi1cgr1alpinelinux1atlassian2oraclelinux1