Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:8781
HistoryDec 08, 2022 - 7:35 a.m.

(RHSA-2022:8781) Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

2022-12-0807:35:26
access.redhat.com
18
red hat openshift
logging subsystem
security update
cve-2020-36518
cve-2022-27664
cve-2022-2879
cve-2022-2880
cve-2022-41715
cve-2022-42003
cve-2022-42004
cve-2022-37603
cve-2022-32189
unix

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N

EPSS

0.128

Percentile

95.5%

JSON

Logging Subsystem 5.5.5 - Red Hat OpenShift

Security Fixe(s):

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

  • golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)

  • golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • loader-utils: Regular expression denial of service (CVE-2022-37603)

  • golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 22
almalinux 10
osv 23
nessus 76
rocky 9
oraclelinux 10
ibm 2
openvas 27
suse 2
f5 1
broadcom 1
centos 1
amazon 2
fedora 6
ubuntu 2
debian 2
archlinux 1
kaspersky 1
apple 1
redhat
redhat
(RHSA-2022:8889) Moderate: Openshift Logging 5.3.14 bug fix release and security update
2022-12-08 16:23:35
(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update
2022-12-14 19:39:55
(RHSA-2022:8938) Low: Release of OpenShift Serverless 1.26.0
2022-12-13 02:09:25
almalinux
almalinux
Moderate: kernel-rt security and bug fix update
2022-11-08 00:00:00
Moderate: kernel security, bug fix, and enhancement update
2022-11-08 00:00:00
Moderate: webkit2gtk3 security and bug fix update
2022-11-15 00:00:00
osv
osv
Moderate: kernel security, bug fix, and enhancement update
2022-11-08 00:00:00
Moderate: kernel-rt security and bug fix update
2022-11-08 00:00:00
Moderate: kernel security, bug fix, and enhancement update
2022-11-08 06:26:19
nessus
nessus
AlmaLinux 8 : kernel (ALSA-2022:7683)
2022-11-14 00:00:00
Rocky Linux 8 : kernel-rt (RLSA-2022:7444)
2023-11-07 00:00:00
AlmaLinux 8 : kernel-rt (ALSA-2022:7444)
2022-11-12 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-11-08 06:19:55
kernel security, bug fix, and enhancement update
2022-11-08 06:26:19
webkit2gtk3 security and bug fix update
2022-11-08 06:26:46
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2022-11-15 00:00:00
webkit2gtk3 security and bug fix update
2022-11-15 00:00:00
webkit2gtk3 security and bug fix update
2022-11-22 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel and Golang Go might affect IBM Spectrum Copy Data Management
2023-01-17 16:48:39
Security Bulletin: Multiple Security vulnerabilities in Java may affect IBM Robotic Process Automation for Cloud Pak (CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399)
2023-01-25 20:46:53
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2030-1)
2022-06-10 00:00:00
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2022:2071-1)
2022-06-15 00:00:00
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2022:2072-1)
2022-06-15 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2022-06-14 00:00:00
Security update for webkit2gtk3 (important)
2022-06-14 00:00:00
f5
f5
K46859523 : Multiple Java vulnerabilities
2022-10-21 00:00:00
broadcom
broadcom
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
2023-08-29 00:00:00
centos
centos
java security update
2022-10-26 14:18:08
amazon
amazon
Medium: java-11-amazon-corretto
2022-10-17 21:46:00
Medium: java-17-amazon-corretto
2022-10-17 21:46:00
fedora
fedora
[SECURITY] Fedora 36 Update: java-11-openjdk-11.0.17.0.8-2.fc36
2022-11-03 15:58:43
[SECURITY] Fedora 37 Update: java-11-openjdk-11.0.17.0.8-1.fc37
2022-11-10 22:53:45
[SECURITY] Fedora 35 Update: java-11-openjdk-11.0.17.0.8-2.fc35
2022-11-03 15:31:22
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-11-09 00:00:00
WebKitGTK vulnerabilities
2022-06-01 00:00:00
debian
debian
[SECURITY] [DSA 5155-1] wpewebkit security update
2022-05-31 23:39:09
[SECURITY] [DSA 5154-1] webkit2gtk security update
2022-05-31 23:38:05
archlinux
archlinux
[ASA-202204-6] libtiff: multiple issues
2022-04-05 00:00:00
kaspersky
kaspersky
KLA20013 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-10-18 00:00:00
apple
apple
About the security content of Safari 15.5
2022-05-16 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:N/SA:N

EPSS

0.128

Percentile

95.5%

JSON
Related for RHSA-2022:8781
redhat22almalinux10osv23nessus76rocky9oraclelinux10ibm2openvas27suse2f51broadcom1centos1amazon2fedora6ubuntu2debian2archlinux1kaspersky1apple1