Lucene search
RedHatRHSA-2023:0264HistoryJan 19, 2023 - 10:15 a.m.
(RHSA-2023:0264) Moderate: Red Hat OpenShift (Logging Subsystem) security update
2023-01-1910:15:30
access.redhat.com
39
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.0%
Logging Subsystem 5.6.0 - Red Hat OpenShift
- logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
- logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
- logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715)
- logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
- golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
- org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
- org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004)
Related
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Golang Go
2023-02-24 13:11:31
redhat
redhat
(RHSA-2023:0708) Moderate: Release of OpenShift Serverless Client kn 1.27.0
2023-02-09 09:22:38
(RHSA-2023:3613) Moderate: OpenShift Container Platform 4.12.22 packages and security update
2023-06-26 01:05:36
(RHSA-2023:0445) Moderate: go-toolset-1.18 security update
2023-01-25 08:25:10
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.12.22 (RHSA-2023:3613)
2024-01-24 00:00:00
AlmaLinux 8 : Image Builder (ALSA-2023:2780)
2023-05-20 00:00:00
Debian DSA-5283-1 : jackson-databind - security update
2022-11-18 00:00:00
osv
osv
jackson-databind - security update
2022-11-17 00:00:00
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-09 00:00:00
jackson-databind - security update
2022-11-27 00:00:00
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
Updated golang packages fix security vulnerability
2022-10-19 02:14:56
Updated golang packages fix security vulnerability
2022-10-05 08:23:49
openvas
openvas
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DLA-3207-1)
2022-11-28 00:00:00
almalinux
almalinux
Moderate: Image Builder security, bug fix, and enhancement update
2023-05-16 00:00:00
Moderate: go-toolset and golang security and bug fix update
2023-01-23 00:00:00
Moderate: go-toolset:rhel8 security and bug fix update
2023-01-25 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0273
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0273
2022-11-02 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0478
2022-10-27 00:00:00
rocky
rocky
go-toolset and golang security and bug fix update
2023-01-23 14:30:17
go-toolset:rhel8 security and bug fix update
2023-01-25 08:59:15
freebsd
freebsd
go -- multiple vulnerabilities
2022-10-04 00:00:00
go -- multiple vulnerabilities
2022-09-06 00:00:00
oraclelinux
oraclelinux
Image Builder security, bug fix, and enhancement update
2023-05-15 00:00:00
Image Builder security, bug fix, and enhancement update
2023-05-24 00:00:00
go-toolset and golang security and bug fix update
2023-01-24 00:00:00
suse
suse
Security update for go1.19 (important)
2022-10-20 00:00:00
Security update for go1.18 (important)
2022-10-20 00:00:00
Security update for go1.19 (important)
2022-09-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.18.7-alt1
2022-10-18 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: golang-1.19.2-1.fc37
2022-10-17 22:55:43
[SECURITY] Fedora 36 Update: golang-1.18.6-1.fc36
2022-09-13 01:30:19
[SECURITY] Fedora 37 Update: golang-1.19.1-1.fc37
2022-09-16 00:17:41
gentoo
gentoo
Go: Multiple Vulnerabilities
2022-09-29 00:00:00
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
amazon
amazon
Important: golist
2023-01-18 00:17:00
Important: golang
2022-12-01 20:31:00
ubuntucve
ubuntucve
CVE-2022-37601
2022-10-12 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.0%
Related for RHSA-2023:0264