Red Hat RHSA-2024:3550
History: Jun 03, 2024 - 11:50 a.m.

(RHSA-2024:3550) Important: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.

2024-06-03 11:50:58
access.redhat.com
hawtio
red hat
apache camel
security
stability
spring-security
nodejs-ip
jose4j
netty-codec-http
follow-redirects
access control
denial of service
resource allocation
credential leak

CVSS3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.5 (Confidence: Low)
EPSS: 0.001 (Percentile: 35.9%)

HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available.

This text-only erratum announces the release and lists the security fixes it carries for the bundled components; the release itself brings the enhancements for the developer experience and the stability fixes of this HawtIO version.

  • spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (TRIAGE CVE-2024-22234)

  • nodejs-ip: isPublic() wrongly classifies some non-standard address forms (for example 0x7f.1) as public, so an SSRF filter built on it can be bypassed (TRIAGE CVE-2023-42282)

  • jose4j: denial of service via specially crafted JWE (TRIAGE CVE-2023-51775)

  • netty-codec-http: Allocation of Resources Without Limits or Throttling (TRIAGE CVE-2024-29025)

  • follow-redirects: Possible credential leak (TRIAGE CVE-2024-28849)
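The follow-redirects item is one instance of a general bug class: a redirect-following HTTP client that copies the request headers unchanged onto the redirected request hands the original origin's credentials to whatever host the Location header names. The JavaScript below is an added example, not code from Red Hat, HawtIO or the follow-redirects project. It contrasts a leaky header policy with one that drops Authorization, Proxy-Authorization and Cookie whenever the redirect crosses an origin, and drives both against a constructed in-memory responder so it runs without a network. The hostnames, the token value and the choice of header set are assumptions made for illustration.

```javascript
// Added example (not Red Hat's, HawtIO's or follow-redirects' code).
// Bug class: credential leak when a client follows a 3xx to another origin.

// Headers that carry credentials for the origin they were attached to.
// Which headers count is a policy choice made here for illustration.
const CREDENTIAL_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie']);

// Two URLs share an origin when scheme, host and effective port match.
// URL.origin already normalises default ports (443 for https, 80 for http).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Hardened policy: copy headers onto the redirected request, but drop
// credential-bearing ones when the redirect leaves the original origin.
// Header names are lower-cased so the check is case-insensitive.
function headersForRedirect(headers, fromUrl, toUrl) {
  const crossOrigin = !sameOrigin(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (crossOrigin && CREDENTIAL_HEADERS.has(lower)) continue;
    out[lower] = value;
  }
  return out;
}

// Vulnerable policy: every header, credentials included, follows the redirect.
function leakyHeadersForRedirect(headers) {
  return { ...headers };
}

// Follow a redirect chain. `responder(url, headers)` stands in for the network
// and returns { status, location? }. `policy(headers, fromUrl, toUrl)` decides
// which headers the next hop receives. Returns one record per request sent.
function follow(url, headers, responder, policy, maxRedirects = 5) {
  const hops = [];
  let current = url;
  let currentHeaders = { ...headers };
  for (let i = 0; i <= maxRedirects; i++) {
    const res = responder(current, currentHeaders);
    hops.push({ url: current, sentHeaders: currentHeaders, status: res.status });
    if (res.status < 300 || res.status > 399 || !res.location) return hops;
    // Location may be relative; resolve it against the current URL.
    const next = new URL(res.location, current).href;
    currentHeaders = policy(currentHeaders, current, next);
    current = next;
  }
  throw new Error('too many redirects');
}

// Constructed scenario: the API host (hypothetical) answers with a 302 that
// points at a host the client has no business sending its token to.
function demoResponder(url) {
  if (new URL(url).hostname === 'api.example.com') {
    return { status: 302, location: 'https://attacker.example.net/collect' };
  }
  return { status: 200 };
}

function runDemo(policy) {
  const headers = { Authorization: 'Bearer s3cr3t', Accept: 'application/json' };
  return follow('https://api.example.com/v1/me', headers, demoResponder, policy);
}

// Stand-alone run: print both chains side by side.
console.log(JSON.stringify(
  { safe: runDemo(headersForRedirect), leaky: runDemo(leakyHeadersForRedirect) },
  null, 2));
```

In the safe chain the second request reaches attacker.example.net with only the Accept header; in the leaky chain it carries the bearer token. Proxy-Authorization is treated like Authorization here for simplicity; a client that talks through a fixed proxy would instead key that header to the proxy rather than to the target origin, which is the distinction the follow-redirects fix draws.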
