Lucene search

RedhatVULNRICHMENT:CVE-2022-4039

HistorySep 22, 2023 - 2:00 p.m.

CVE-2022-4039 Rhsso-container-image: unsecured management interface exposed to adjecent network

2023-09-2214:00:39

CWE-276

redhat

github.com

rhsso-container-image

unsecured

management interface

flaw

attacker

app server configuration

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

47.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

References

access.redhat.com/errata/RHSA-2023:1047

access.redhat.com/security/cve/CVE-2022-4039

bugzilla.redhat.com/show_bug.cgi?id=2143416

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

47.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2022-4039