All the vulnerabilites related to Red Hat - Red Hat build of Quarkus
cve-2024-1300
Vulnerability from cvelistv5
Published
2024-04-02 07:33
Modified
2024-11-25 02:45
Severity ?
EPSS score ?
Summary
Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1662 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1706 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1923 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2088 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2833 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3527 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3989 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4884 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1300 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2263139 | issue-tracking, x_refsource_REDHAT | |
https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni. |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 4.3.4 ≤ 4.5.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1300", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-02T15:16:36.592165Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-20T19:53:23.394Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:33:25.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:1923", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "name": "RHBZ#2263139", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "tags": [ "x_transferred" ], "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://vertx.io/docs/vertx-core/java/", "defaultStatus": "unaffected", "packageName": "io.vertx:vertx-core", "versions": [ { "lessThanOrEqual": "4.5.2", "status": "affected", "version": "4.3.4", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "CEQ 3.2", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-operator-bundle", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-18", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-rhel8-operator", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-11", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-12", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-executor-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-10", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "cpe:/a:redhat:migration_toolkit_applications:6.2::el8" ], "defaultStatus": "affected", "packageName": "mta/mta-windup-addon-rhel9", "product": "MTA-6.2-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6.2.3-2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat AMQ Streams 2.7.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus 3.2.11.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.8.redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2.5" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "RHINT Service Registry 2.5.11 GA", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:a_mq_clients:2" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "A-MQ Clients 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "vertx-core", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "vertx-core", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "datePublic": "2024-02-06T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T02:45:39.468Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:1923", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "name": "RHBZ#2263139", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "timeline": [ { "lang": "en", "time": "2024-02-07T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-06T00:00:00+00:00", "value": "Made public." } ], "title": "Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-1392-\u003eCWE-401: Use of Default Credentials leads to Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1300", "datePublished": "2024-04-02T07:33:05.215Z", "dateReserved": "2024-02-07T07:11:11.156Z", "dateUpdated": "2024-11-25T02:45:39.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2700
Vulnerability from cvelistv5
Published
2024-04-04 13:46
Modified
2024-11-24 15:37
Severity ?
EPSS score ?
Summary
Quarkus-core: leak of local configuration properties into quarkus applications
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2106 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2705 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3527 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4028 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4873 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-2700 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2273281 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 3.8.4 Version: 3.2.12 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-2700", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T20:55:35.446485Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:30:17.872Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:48.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2106", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2106" }, { "name": "RHSA-2024:2705", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2705" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:4028", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4028" }, { "name": "RHSA-2024:4873", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2700" }, { "name": "RHBZ#2273281", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/cockpit-project/cockpit/", "defaultStatus": "unaffected", "packageName": "quarkus-core", "versions": [ { "status": "affected", "version": "3.8.4" }, { "status": "affected", "version": "3.2.12" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "product": "Red Hat AMQ Streams 2.7.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apicurio_registry:2.6" ], "defaultStatus": "unaffected", "packageName": "quarkus-core", "product": "Red Hat build of Apicurio Registry 2.6.1 GA", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-core", "product": "Red Hat build of Quarkus 3.2.12.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3.2.12.Final-redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-core", "product": "Red Hat build of Quarkus 3.8.4.redhat", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3.8.4.redhat-00002", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/client-kn-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-controller-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-istio-controller-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-mtbroker-filter-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-mtchannel-broker-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-mtping-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-storage-version-migration-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/eventing-webhook-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/func-utils-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/ingress-rhel8-operator", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/knative-rhel8-operator", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/kn-cli-artifacts-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/kourier-control-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/net-istio-controller-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/net-istio-webhook-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serverless-operator-bundle", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-6", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serverless-rhel8-operator", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-activator-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-autoscaler-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-controller-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-queue-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/serving-webhook-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/svls-must-gather-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.12.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "affected", "packageName": "quarkus-core", "product": "Red Hat build of Apache Camel for Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhboac_hawtio:4" ], "defaultStatus": "affected", "packageName": "quarkus-core", "product": "Red Hat build of Apache Camel - HawtIO", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "quarkus-core", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "affected", "packageName": "quarkus-core", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "quarkus-core", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "quarkus-core", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" } ], "datePublic": "2024-04-03T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-526", "description": "Cleartext Storage of Sensitive Information in an Environment Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T15:37:31.915Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2106", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2106" }, { "name": "RHSA-2024:2705", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2705" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:4028", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4028" }, { "name": "RHSA-2024:4873", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-2700" }, { "name": "RHBZ#2273281", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" } ], "timeline": [ { "lang": "en", "time": "2024-04-03T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-04-03T00:00:00+00:00", "value": "Made public." } ], "title": "Quarkus-core: leak of local configuration properties into quarkus applications", "workarounds": [ { "lang": "en", "value": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available." } ], "x_redhatCweChain": "CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-2700", "datePublished": "2024-04-04T13:46:39.956Z", "dateReserved": "2024-03-20T01:39:49.992Z", "dateUpdated": "2024-11-24T15:37:31.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6717
Vulnerability from cvelistv5
Published
2024-04-25 16:02
Modified
2024-12-06 18:47
Severity ?
EPSS score ?
Summary
Keycloak: xss via assertion consumer service url in saml post-binding flow
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1353 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1867 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1868 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2945 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4057 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6717 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2253952 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7.12 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6717", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T19:15:14.697195Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:16:59.611Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T08:35:14.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1867", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "name": "RHSA-2024:1868", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "name": "RHSA-2024:2945", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "name": "RHSA-2024:4057", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4057" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6717" }, { "name": "RHBZ#2253952", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.12" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-operator-bundle", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22.0.10-1", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22-13", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9-operator", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22-16", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:22" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat build of Keycloak 22.0.10", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-data-index-ephemeral-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-data-index-postgresql-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-operator-bundle", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-rhel8-operator", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-3", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-swf-builder-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:openshift_serverless:1.33::el8" ], "defaultStatus": "affected", "packageName": "openshift-serverless-1/logic-swf-devmode-rhel8", "product": "RHOSS-1.33-RHEL-8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.33.0-5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" ], "defaultStatus": "unaffected", "product": "RHPAM 7.13.5 async", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6" ], "defaultStatus": "affected", "packageName": "mta/mta-ui-rhel8", "product": "Migration Toolkit for Applications 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:7" ], "defaultStatus": "affected", "packageName": "mta/mta-ui-rhel9", "product": "Migration Toolkit for Applications 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "org.keycloak/keycloak-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhdh:1" ], "defaultStatus": "affected", "packageName": "rhdh-hub-container", "product": "Red Hat Developer Hub", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "org.keycloak-keycloak-parent", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "rh-sso7-keycloak", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_gitops:1" ], "defaultStatus": "affected", "packageName": "openshift-gitops-1/gitops-rhel8-operator", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "datePublic": "2024-04-16T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T18:47:19.622Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1353", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1353" }, { "name": "RHSA-2024:1867", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "name": "RHSA-2024:1868", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "name": "RHSA-2024:2945", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "name": "RHSA-2024:4057", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4057" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6717" }, { "name": "RHBZ#2253952", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253952" } ], "timeline": [ { "lang": "en", "time": "2023-12-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-04-16T00:00:00+00:00", "value": "Made public." } ], "title": "Keycloak: xss via assertion consumer service url in saml post-binding flow", "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6717", "datePublished": "2024-04-25T16:02:03.267Z", "dateReserved": "2023-12-12T07:30:43.924Z", "dateUpdated": "2024-12-06T18:47:19.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5971
Vulnerability from cvelistv5
Published
2024-07-08 20:51
Modified
2024-11-15 21:04
Severity ?
EPSS score ?
Summary
Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:4392 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4884 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5143 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5144 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5147 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6508 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6883 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-5971 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2292211 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 < 2.2.34.Final Version: 2.3.0.Alpha1 < 2.3.15.Final |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-5971", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T14:48:10.532625Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T14:48:19.006Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-28T15:02:51.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:4392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4392" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-5971" }, { "name": "RHBZ#2292211", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211" }, { "url": "https://security.netapp.com/advisory/ntap-20240828-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "packageName": "undertow", "versions": [ { "lessThan": "2.2.34.Final", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.3.15.Final", "status": "affected", "version": "2.3.0.Alpha1", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:3.20.7" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.2" ], "defaultStatus": "unaffected", "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhboac_hawtio:4" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel - HawtIO", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "datePublic": "2024-07-08T20:46:55+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:04:09.370Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:4392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4392" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "name": "RHSA-2024:5143", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5143" }, { "name": "RHSA-2024:5144", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5144" }, { "name": "RHSA-2024:5145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5145" }, { "name": "RHSA-2024:5147", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5147" }, { "name": "RHSA-2024:6508", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6508" }, { "name": "RHSA-2024:6883", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6883" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-5971" }, { "name": "RHBZ#2292211", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211" } ], "timeline": [ { "lang": "en", "time": "2024-06-13T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-07-08T20:46:55+00:00", "value": "Made public." } ], "title": "Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-674: Uncontrolled Recursion" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-5971", "datePublished": "2024-07-08T20:51:29.223Z", "dateReserved": "2024-06-13T13:50:13.855Z", "dateUpdated": "2024-11-15T21:04:09.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5379
Vulnerability from cvelistv5
Published
2023-12-12 21:54
Modified
2024-12-02 14:30
Severity ?
EPSS score ?
Summary
Undertow: ajp request closes connection exceeding maxrequestsize
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:4509 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-5379 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242099 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:43.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:4509", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5379" }, { "name": "RHBZ#2242099", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-5379", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2023-12-18T21:09:22.233848Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T14:30:02.796Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat support for Spring Boot", "vendor": "Red Hat" } ], "datePublic": "2023-12-12T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS)." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:10:18.872Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:4509", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5379" }, { "name": "RHBZ#2242099", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099" } ], "timeline": [ { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-12T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: ajp request closes connection exceeding maxrequestsize", "x_redhatCweChain": "CWE-400-\u003eCWE-770: Uncontrolled Resource Consumption leads to Allocation of Resources Without Limits or Throttling" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5379", "datePublished": "2023-12-12T21:54:52.669Z", "dateReserved": "2023-10-04T11:52:15.504Z", "dateUpdated": "2024-12-02T14:30:02.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6393
Vulnerability from cvelistv5
Published
2023-12-06 16:58
Modified
2024-11-23 03:35
Severity ?
EPSS score ?
Summary
Quarkus: potential invalid reuse of context when @cacheresult on a uni is used
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:7700 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-6393 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2253113 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat build of Quarkus 2.13.9.Final |
Unaffected: 2.13.9.Final-redhat-00002 < * cpe:/a:redhat:quarkus:2.13 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6393" }, { "name": "RHBZ#2253113", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253113" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2.13" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-cache", "product": "Red Hat build of Quarkus 2.13.9.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.13.9.Final-redhat-00002", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-cache", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" } ], "datePublic": "2023-11-15T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial \"completion\" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:35:49.598Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:7700", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7700" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6393" }, { "name": "RHBZ#2253113", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253113" } ], "timeline": [ { "lang": "en", "time": "2023-11-14T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-15T00:00:00+00:00", "value": "Made public." } ], "title": "Quarkus: potential invalid reuse of context when @cacheresult on a uni is used", "workarounds": [ { "lang": "en", "value": "No mitigation is currently available for this flaw." } ], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6393", "datePublished": "2023-12-06T16:58:54.230Z", "dateReserved": "2023-11-30T03:30:16.241Z", "dateUpdated": "2024-11-23T03:35:49.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1459
Vulnerability from cvelistv5
Published
2024-02-12 20:30
Modified
2024-11-23 03:33
Severity ?
EPSS score ?
Summary
Undertow: directory traversal vulnerability
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1674 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1675 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1676 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1677 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2763 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2764 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1459 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2259475 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 < 2.3.12 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1459", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-13T15:51:43.437025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:26.959Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-22T12:04:46.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:2763", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "name": "RHSA-2024:2764", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "name": "RHBZ#2259475", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "url": "https://security.netapp.com/advisory/ntap-20241122-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected", "packageName": "undertow", "versions": [ { "lessThan": "2.3.12", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-activemq-artemis", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.0-18.redhat_00052.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-apache-cxf", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.4.10-2.redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-eclipse-jgit", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-elytron-web", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.4-1.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-hal-console", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.3.21-1.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-hibernate", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.3.36-1.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-infinispan", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:11.0.18-2.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-insights-java-client", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jberet", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.3.9-3.SP3_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jboss-annotations-api_1.3_spec", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.0.1-3.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jboss-cert-helper", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jboss-remoting", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.0.27-4.SP2_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jboss-server-migration", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.10.0-35.Final_redhat_00034.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jboss-xnio-base", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.12-1.SP2_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-jgroups-kubernetes", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.0.17-1.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-lucene-solr", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.5.5-6.redhat_2.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.16-4.GA_redhat_00002.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-wildfly-elytron", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.15.22-1.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-activemq-artemis", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.0-18.redhat_00052.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-apache-cxf", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.4.10-2.redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-eclipse-jgit", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-elytron-web", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.4-1.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-hal-console", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.3.21-1.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-hibernate", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.3.36-1.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-infinispan", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:11.0.18-2.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-insights-java-client", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jberet", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.3.9-3.SP3_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jboss-annotations-api_1.3_spec", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.0.1-3.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jboss-cert-helper", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jboss-remoting", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.0.27-4.SP2_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jboss-server-migration", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.10.0-35.Final_redhat_00034.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jboss-xnio-base", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.12-1.SP2_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-jgroups-kubernetes", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.0.17-1.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-lucene-solr", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.5.5-6.redhat_2.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.16-4.GA_redhat_00002.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-wildfly-elytron", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.15.22-1.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-activemq-artemis", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.16.0-18.redhat_00052.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-apache-cxf", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.4.10-2.redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-eclipse-jgit", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-elytron-web", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.4-1.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-hal-console", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.3.21-1.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-hibernate", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.3.36-1.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-infinispan", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:11.0.18-2.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-insights-java-client", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jberet", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.3.9-3.SP3_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jboss-annotations-api_1.3_spec", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.0.1-3.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jboss-cert-helper", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.1.2-1.redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jboss-remoting", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.0.27-4.SP2_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jboss-server-migration", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.10.0-35.Final_redhat_00034.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jboss-xnio-base", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.8.12-1.SP2_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-jgroups-kubernetes", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.0.17-1.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-lucene-solr", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:5.5.5-6.redhat_2.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.16-4.GA_redhat_00002.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-wildfly-elytron", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.15.22-1.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank AAIB IT Unix Team for reporting this issue." } ], "datePublic": "2024-01-18T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-24", "description": "Path Traversal: \u0027../filedir\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:33:41.193Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:2763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "name": "RHSA-2024:2764", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "name": "RHBZ#2259475", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" } ], "timeline": [ { "lang": "en", "time": "2024-01-18T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-18T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: directory traversal vulnerability", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-24: Path Traversal: \u0027../filedir\u0027" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1459", "datePublished": "2024-02-12T20:30:03.768Z", "dateReserved": "2024-02-12T20:12:13.991Z", "dateUpdated": "2024-11-23T03:33:41.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1415
Vulnerability from cvelistv5
Published
2023-09-11 20:20
Modified
2024-09-25 19:54
Severity ?
EPSS score ?
Summary
Drools: unsafe data deserialization in streamutils
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2022:6813 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2022-1415 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2065505 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat | RHPAM 7.13.1 async |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:05.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2022:6813", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1415" }, { "name": "RHBZ#2065505", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-1415", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T19:54:20.753486Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T19:54:35.795Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" ], "defaultStatus": "unaffected", "product": "RHPAM 7.13.1 async", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat build of Apache Camel for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "affected", "packageName": "drools-core", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_virtualization:6" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat JBoss Data Virtualization 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "drools-core", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "drools-core", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "drools-core", "product": "Red Hat JBoss Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "drools-core", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "drools-core", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Paulino Calderon (Websec) for reporting this issue." } ], "datePublic": "2022-10-28T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T15:32:23.354Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2022:6813", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1415" }, { "name": "RHBZ#2065505", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505" } ], "timeline": [ { "lang": "en", "time": "2021-12-28T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-10-28T00:00:00+00:00", "value": "Made public." } ], "title": "Drools: unsafe data deserialization in streamutils", "x_redhatCweChain": "CWE-502: Deserialization of Untrusted Data" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1415", "datePublished": "2023-09-11T20:20:23.745Z", "dateReserved": "2022-04-20T12:43:39.822Z", "dateUpdated": "2024-09-25T19:54:35.795Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1635
Vulnerability from cvelistv5
Published
2024-02-19 21:23
Modified
2024-11-13 18:06
Severity ?
EPSS score ?
Summary
Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1674 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1675 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1676 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1677 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1860 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1861 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1862 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1864 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1866 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1635 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2264928 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 1.31.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1635", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T16:54:05.178381Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T13:50:19.172Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:21.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "name": "RHBZ#2264928", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240322-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected", "packageName": "undertow", "versions": [ { "status": "affected", "version": "1.31.0" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhosemc:1.0::el8" ], "defaultStatus": "affected", "packageName": "rh-sso-7/sso76-openshift-rhel8", "product": "RHEL-8 based Middleware Containers", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-46", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "RHSSO 7.6.8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:4" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "streams for Apache Kafka", "vendor": "Red Hat" } ], "datePublic": "2023-10-27T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:06:28.616Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1635" }, { "name": "RHBZ#2264928", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928" } ], "timeline": [ { "lang": "en", "time": "2024-02-19T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-27T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol", "workarounds": [ { "lang": "en", "value": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact." } ], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1635", "datePublished": "2024-02-19T21:23:14.496Z", "dateReserved": "2024-02-19T17:25:58.418Z", "dateUpdated": "2024-11-13T18:06:28.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3653
Vulnerability from cvelistv5
Published
2024-07-08 21:21
Modified
2024-11-24 23:40
Severity ?
EPSS score ?
Summary
Undertow: learningpushhandler can lead to remote memory dos attacks
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:4392 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5143 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5144 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:5147 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6437 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-3653 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2274437 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 < |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-3653", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T15:00:49.417301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T15:01:06.286Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-28T15:02:47.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:4392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4392" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3653" }, { "name": "RHBZ#2274437", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437" }, { "url": "https://security.netapp.com/advisory/ntap-20240828-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected", "packageName": "undertow", "versions": [ { "lessThanOrEqual": "2.3.14.Final", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.8::el8" ], "defaultStatus": "affected", "packageName": "io.quarkus.http/quarkus-http-core", "product": "Red Hat build of Quarkus 3.8.6.redhat", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "5.2.4.redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:4" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhboac_hawtio:4" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel - HawtIO", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "streams for Apache Kafka", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Keke Lian, Haoran Zhao, and Yongheng Liu (Secsys Lab of Fudan University) for reporting this issue." } ], "datePublic": "2024-07-08T20:53:45+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server\u0027s config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T23:40:26.141Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:4392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4392" }, { "name": "RHSA-2024:5143", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5143" }, { "name": "RHSA-2024:5144", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5144" }, { "name": "RHSA-2024:5145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5145" }, { "name": "RHSA-2024:5147", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:5147" }, { "name": "RHSA-2024:6437", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6437" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3653" }, { "name": "RHBZ#2274437", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437" } ], "timeline": [ { "lang": "en", "time": "2024-04-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-07-08T20:53:45+00:00", "value": "Made public." } ], "title": "Undertow: learningpushhandler can lead to remote memory dos attacks", "workarounds": [ { "lang": "en", "value": "Setting the maxAge configuration is sufficient to prevent the behavior of this vulnerability being explored." } ], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-3653", "datePublished": "2024-07-08T21:21:20.899Z", "dateReserved": "2024-04-11T04:14:52.345Z", "dateUpdated": "2024-11-24T23:40:26.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4245
Vulnerability from cvelistv5
Published
2023-09-25 19:20
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
Codehaus-plexus: xml external entity (xxe) injection
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:2135 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:3906 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2022-4245 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2149843 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | RHINT Camel-K-1.10.1 |
cpe:/a:redhat:camel_k:1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-4245", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T17:32:13.401725Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:16:32.674Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "name": "RHSA-2023:3906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3906" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4245" }, { "name": "RHBZ#2149843", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149843" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:camel_k:1" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "RHINT Camel-K-1.10.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" ], "defaultStatus": "unaffected", "product": "RHPAM 7.13.1 async", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:a_mq_clients:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "A-MQ Clients 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_online:1" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat A-MQ Online", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat build of Apache Camel for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "plexus-utils", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "maven:3.6/plexus-utils", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "maven:3.8/plexus-utils", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "maven:3.8/plexus-utils", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "plexus-utils", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Integration Change Data Capture", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Integration Service Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss A-MQ 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_web_server:3" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Web Server 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_web_server:5" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Web Server 5", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat OpenShift Application Runtimes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "org.codehaus.plexus-plexus-utils", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-byte-buddy", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven-archiver", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-assembly-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-compiler-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven-jar-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-plugin-bundle", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven-remote-resources-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-shade-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-source-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-surefire", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-plexus-utils", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat support for Spring Boot", "vendor": "Red Hat" } ], "datePublic": "2022-12-01T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --\u003e sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-91", "description": "XML Injection (aka Blind XPath Injection)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T15:32:28.238Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "name": "RHSA-2023:3906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3906" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4245" }, { "name": "RHBZ#2149843", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149843" } ], "timeline": [ { "lang": "en", "time": "2022-12-01T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-12-01T00:00:00+00:00", "value": "Made public." } ], "title": "Codehaus-plexus: xml external entity (xxe) injection", "x_redhatCweChain": "CWE-91: XML Injection (aka Blind XPath Injection)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4245", "datePublished": "2023-09-25T19:20:57.329Z", "dateReserved": "2022-12-01T06:39:39.475Z", "dateUpdated": "2024-08-03T01:34:49.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3223
Vulnerability from cvelistv5
Published
2023-09-27 13:54
Modified
2024-08-02 06:48
Severity ?
EPSS score ?
Summary
Undertow: outofmemoryerror due to @multipartconfig handling
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Fuse 7.12.1 |
cpe:/a:redhat:jboss_fuse:7 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-3223", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-13T20:07:40.554787Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-13T20:07:46.970Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:07.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:4505", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4505" }, { "name": "RHSA-2023:4506", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4506" }, { "name": "RHSA-2023:4507", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4507" }, { "name": "RHSA-2023:4509", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "name": "RHSA-2023:4918", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4918" }, { "name": "RHSA-2023:4919", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4919" }, { "name": "RHSA-2023:4920", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4920" }, { "name": "RHSA-2023:4921", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4921" }, { "name": "RHSA-2023:4924", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4924" }, { "name": "RHSA-2023:7247", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7247" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3223" }, { "name": "RHBZ#2209689", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231027-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Fuse 7.12.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.1.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.25-3.SP3_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.25-3.SP3_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.25-3.SP3_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6.5" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7.6.5", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.9-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.9-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.9-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhosemc:1.0::el8" ], "defaultStatus": "affected", "packageName": "rh-sso-7/sso76-openshift-rhel8", "product": "RHEL-8 based Middleware Containers", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-27", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Service Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack-optools:13" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat OpenStack Platform 13 (Queens) Operational Tools", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat support for Spring Boot", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Keke Lian \u0026 Haoran Zhao (SecSys Lab) for reporting this issue." } ], "datePublic": "2023-08-07T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T15:32:37.244Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:4505", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4505" }, { "name": "RHSA-2023:4506", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4506" }, { "name": "RHSA-2023:4507", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4507" }, { "name": "RHSA-2023:4509", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "name": "RHSA-2023:4918", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4918" }, { "name": "RHSA-2023:4919", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4919" }, { "name": "RHSA-2023:4920", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4920" }, { "name": "RHSA-2023:4921", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4921" }, { "name": "RHSA-2023:4924", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4924" }, { "name": "RHSA-2023:7247", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7247" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3223" }, { "name": "RHBZ#2209689", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689" }, { "url": "https://security.netapp.com/advisory/ntap-20231027-0004/" } ], "timeline": [ { "lang": "en", "time": "2023-05-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-08-07T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: outofmemoryerror due to @multipartconfig handling", "x_redhatCweChain": "CWE-789: Memory Allocation with Excessive Size Value" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3223", "datePublished": "2023-09-27T13:54:44.682Z", "dateReserved": "2023-06-13T15:50:40.922Z", "dateUpdated": "2024-08-02T06:48:07.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1979
Vulnerability from cvelistv5
Published
2024-03-13 09:41
Modified
2024-11-24 14:50
Severity ?
EPSS score ?
Summary
Quarkus: information leak in annotation
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1662 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1979 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2266690 | issue-tracking, x_refsource_REDHAT | |
https://github.com/quarkusio/quarkus/issues/38055 |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 < 3.2.11 |
||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1979", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:24:03.945461Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:25.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:56:22.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1979" }, { "name": "RHBZ#2266690", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266690" }, { "tags": [ "x_transferred" ], "url": "https://github.com/quarkusio/quarkus/issues/38055" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/quarkusio/quarkus/", "defaultStatus": "unaffected", "packageName": "quarkus", "versions": [ { "lessThan": "3.2.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-kubernetes-deployment", "product": "Red Hat build of Quarkus 3.2.11.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3.2.11.Final-redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-kubernetes-deployment", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" } ], "datePublic": "2024-01-05T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T14:50:53.426Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1979" }, { "name": "RHBZ#2266690", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266690" }, { "url": "https://github.com/quarkusio/quarkus/issues/38055" } ], "timeline": [ { "lang": "en", "time": "2024-03-04T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-05T00:00:00+00:00", "value": "Made public." } ], "title": "Quarkus: information leak in annotation", "workarounds": [ { "lang": "en", "value": "Ensure that at least one of the preconditions is not present in your environment." } ], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1979", "datePublished": "2024-03-13T09:41:25.039Z", "dateReserved": "2024-02-28T17:43:25.030Z", "dateUpdated": "2024-11-24T14:50:53.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4639
Vulnerability from cvelistv5
Published
2024-11-17 10:21
Modified
2024-11-17 16:17
Severity ?
EPSS score ?
Summary
Undertow: cookie smuggling/spoofing
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1674 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1675 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1676 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1677 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2763 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2764 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3919 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-4639 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2166022 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 |
Unaffected: 1.2-23 < * cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-4639", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-17T16:17:32.886591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-17T16:17:46.027Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-operator-bundle", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-23", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-rhel8-operator", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-executor-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-14", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6" ], "defaultStatus": "affected", "packageName": "org.keycloak-keycloak-parent", "product": "Migration Toolkit for Applications 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unknown", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Integration Change Data Capture", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Ankur Sundara for reporting this issue." } ], "datePublic": "2024-02-08T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-17T10:21:44.539Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1674", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "name": "RHSA-2024:1675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "name": "RHSA-2024:1676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "name": "RHSA-2024:1677", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "name": "RHSA-2024:2763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "name": "RHSA-2024:2764", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "name": "RHSA-2024:3919", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4639" }, { "name": "RHBZ#2166022", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022" } ], "timeline": [ { "lang": "en", "time": "2023-01-28T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-08T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: cookie smuggling/spoofing", "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-4639", "datePublished": "2024-11-17T10:21:44.539Z", "dateReserved": "2023-08-30T14:52:04.007Z", "dateUpdated": "2024-11-17T16:17:46.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1023
Vulnerability from cvelistv5
Published
2024-03-27 07:51
Modified
2024-11-25 02:45
Severity ?
EPSS score ?
Summary
Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1662 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1706 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2088 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2833 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3527 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3989 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:4884 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1023 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2260840 | issue-tracking, x_refsource_REDHAT | |
https://github.com/eclipse-vertx/vert.x/issues/5078 | ||
https://github.com/eclipse-vertx/vert.x/pull/5080 | ||
https://github.com/eclipse-vertx/vert.x/pull/5082 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 4.4.5 Version: 4.4.6 Version: 4.5.0 Version: 4.5.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1023", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:46:25.667630Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:37:55.153Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1023" }, { "name": "RHBZ#2260840", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse-vertx/vert.x/issues/5078" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse-vertx/vert.x/pull/5080" }, { "tags": [ "x_transferred" ], "url": "https://github.com/eclipse-vertx/vert.x/pull/5082" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://mvnrepository.com/artifact/io.vertx", "defaultStatus": "unaffected", "packageName": "vertx-core", "versions": [ { "status": "affected", "version": "4.4.5" }, { "status": "affected", "version": "4.4.6" }, { "status": "affected", "version": "4.5.0" }, { "status": "affected", "version": "4.5.1" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:3" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "CEQ 3.2", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-7", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-operator-bundle", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-reports-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-9", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:cryostat:2::el8" ], "defaultStatus": "affected", "packageName": "cryostat-tech-preview/jfr-datasource-rhel8", "product": "Cryostat 2 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.4.0-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "cpe:/a:redhat:migration_toolkit_applications:6.2::el9" ], "defaultStatus": "affected", "packageName": "mta/mta-windup-addon-rhel9", "product": "MTA-6.2-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6.2.3-2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_streams:2" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat AMQ Streams 2.7.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus 3.2.11.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4.4.8.redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2.5" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "RHINT Service Registry 2.5.11 GA", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:a_mq_clients:2" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "A-MQ Clients 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Migration Toolkit for Runtimes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:serverless:1" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "OpenShift Serverless", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:optaplanner:::el6" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat build of OptaPlanner 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "io.vertx/vertx-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "affected", "packageName": "vert.x", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unaffected", "packageName": "vert.x", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "datePublic": "2024-01-26T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T02:45:39.432Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "name": "RHSA-2024:1706", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1706" }, { "name": "RHSA-2024:2088", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "name": "RHSA-2024:2833", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "name": "RHSA-2024:3527", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1023" }, { "name": "RHBZ#2260840", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "url": "https://github.com/eclipse-vertx/vert.x/issues/5078" }, { "url": "https://github.com/eclipse-vertx/vert.x/pull/5080" }, { "url": "https://github.com/eclipse-vertx/vert.x/pull/5082" } ], "timeline": [ { "lang": "en", "time": "2024-01-29T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-01-26T00:00:00+00:00", "value": "Made public." } ], "title": "Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1023", "datePublished": "2024-03-27T07:51:15.716Z", "dateReserved": "2024-01-29T10:54:44.360Z", "dateUpdated": "2024-11-25T02:45:39.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1108
Vulnerability from cvelistv5
Published
2023-09-14 14:48
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
Undertow: infinite loop in sslconduit during close
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-1108", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-08T18:37:50.625681Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T18:38:02.186Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:1184", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:1184" }, { "name": "RHSA-2023:1185", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:1185" }, { "name": "RHSA-2023:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:1512" }, { "name": "RHSA-2023:1513", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:1513" }, { "name": "RHSA-2023:1514", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:1514" }, { "name": "RHSA-2023:1516", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:1516" }, { "name": "RHSA-2023:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "name": "RHSA-2023:3883", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "name": "RHSA-2023:3884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "name": "RHSA-2023:3885", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "name": "RHSA-2023:3888", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "name": "RHSA-2023:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "name": "RHSA-2023:3954", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3954" }, { "name": "RHSA-2023:4612", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:4612" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-1108" }, { "name": "RHBZ#2174246", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231020-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "packageName": "io.undertow:undertow-core", "versions": [ { "status": "unaffected", "version": "2.3.5" }, { "status": "unaffected", "version": "2.2.24" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "product": "EAP 7.4.10 release", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Fuse 7.12", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.1.0", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.22-1.SP3_redhat_00002.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.9-6.GA_redhat_00004.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.23-1.SP2_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow-jastow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.0.14-1.Final_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.22-1.SP3_redhat_00002.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.9-6.GA_redhat_00004.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.23-1.SP2_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" ], "defaultStatus": "affected", "packageName": "eap7-undertow-jastow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.0.14-1.Final_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.22-1.SP3_redhat_00002.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.9-6.GA_redhat_00004.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.23-1.SP2_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow-jastow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.0.14-1.Final_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6.4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.8-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.8-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.8-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat support for Spring Boot 2.7.13", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhosemc:1.0::el8" ], "defaultStatus": "affected", "packageName": "rh-sso-7/sso76-openshift-rhel8", "product": "RHEL-8 based Middleware Containers", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-24", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "RHPAM 7.13.1 async", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Service Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openstack:13" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat OpenStack Platform 13 (Queens)", "vendor": "Red Hat" } ], "datePublic": "2023-03-07T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T15:32:32.904Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:1184", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:1184" }, { "name": "RHSA-2023:1185", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:1185" }, { "name": "RHSA-2023:1512", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:1512" }, { "name": "RHSA-2023:1513", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:1513" }, { "name": "RHSA-2023:1514", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:1514" }, { "name": "RHSA-2023:1516", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:1516" }, { "name": "RHSA-2023:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "name": "RHSA-2023:3883", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "name": "RHSA-2023:3884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "name": "RHSA-2023:3885", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "name": "RHSA-2023:3888", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "name": "RHSA-2023:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "name": "RHSA-2023:3954", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3954" }, { "name": "RHSA-2023:4612", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:4612" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-1108" }, { "name": "RHBZ#2174246", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246" }, { "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78" }, { "url": "https://security.netapp.com/advisory/ntap-20231020-0002/" } ], "timeline": [ { "lang": "en", "time": "2023-02-07T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-03-07T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: infinite loop in sslconduit during close", "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1108", "datePublished": "2023-09-14T14:48:58.869Z", "dateReserved": "2023-03-01T00:27:23.587Z", "dateUpdated": "2024-08-02T05:32:46.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6841
Vulnerability from cvelistv5
Published
2024-09-10 16:15
Modified
2024-11-15 15:15
Severity ?
EPSS score ?
Summary
Keycloak: amount of attributes per object is not limited and it may lead to dos
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-6841 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254714 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat build of Quarkus |
cpe:/a:redhat:openshift_application_runtimes:1.0 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-6841", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T20:20:35.831984Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T20:20:45.372Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:mobile_application_platform:4" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat Mobile Application Platform 4", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat OpenShift Application Runtimes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat support for Spring Boot", "vendor": "Red Hat" } ], "datePublic": "2024-09-10T15:45:00+00:00", "descriptions": [ { "lang": "en", "value": "A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-231", "description": "Improper Handling of Extra Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:15:22.570Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6841" }, { "name": "RHBZ#2254714", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254714" } ], "timeline": [ { "lang": "en", "time": "2023-12-15T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-10T15:45:00+00:00", "value": "Made public." } ], "title": "Keycloak: amount of attributes per object is not limited and it may lead to dos", "workarounds": [ { "lang": "en", "value": "This CVE is mitigated by the \u0027User Profile\u0027 functionality, which was introduced in Keycloak 24. This feature introduces additional validation which prevents this vulnerability from being exploited." } ], "x_redhatCweChain": "CWE-231: Improper Handling of Extra Values" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6841", "datePublished": "2024-09-10T16:15:32.639Z", "dateReserved": "2023-12-15T12:33:39.292Z", "dateUpdated": "2024-11-15T15:15:22.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1132
Vulnerability from cvelistv5
Published
2024-04-17 13:21
Modified
2024-11-24 14:55
Severity ?
EPSS score ?
Summary
Keycloak: path transversal in redirection validation
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 21.1.0 ≤ Version: 23.0.0 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1132", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T18:37:10.567431Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:59:39.871Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "name": "RHSA-2024:1867", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "name": "RHSA-2024:1868", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "name": "RHSA-2024:2945", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "name": "RHSA-2024:3752", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3752" }, { "name": "RHSA-2024:3762", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "name": "RHSA-2024:3919", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "name": "RHBZ#2262117", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/keycloak/keycloak", "defaultStatus": "unaffected", "packageName": "keycloak", "versions": [ { "lessThan": "22.0.10", "status": "affected", "version": "21.1.0", "versionType": "semver" }, { "lessThan": "24.0.3", "status": "affected", "version": "23.0.0", "versionType": "semver" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-operator-bundle", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-23", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-rhel8-operator", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-15", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" ], "defaultStatus": "affected", "packageName": "mtr/mtr-web-executor-container-rhel8", "product": "Migration Toolkit for Runtimes 1 on RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "1.2-14", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:migration_toolkit_applications:6.2::el8", "cpe:/a:redhat:migration_toolkit_applications:6.2::el9" ], "defaultStatus": "affected", "packageName": "mta/mta-windup-addon-rhel9", "product": "MTA-6.2-RHEL-9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "6.2.3-2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.10" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.11" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7.12" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat AMQ Broker 7", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-operator-bundle", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22.0.10-1", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22-13", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:22::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9-operator", "product": "Red Hat build of Keycloak 22", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "22-16", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:22" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat build of Keycloak 22.0.10", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el7sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el8sso", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" ], "defaultStatus": "affected", "packageName": "rh-sso7-keycloak", "product": "Red Hat Single Sign-On 7.6 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:18.0.13-1.redhat_00001.1.el9sso", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:rhosemc:1.0::el8" ], "defaultStatus": "affected", "packageName": "rh-sso-7/sso76-openshift-rhel8", "product": "RHEL-8 based Middleware Containers", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7.6-46", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7.6" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "RHSSO 7.6.8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat build of Apicurio Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "affected", "packageName": "org.keycloak/keycloak-core", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "org.wildfly.security-wildfly-elytron-parent", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "keycloak", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "keycloak", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "keycloak", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Axel Flamcourt for reporting this issue." } ], "datePublic": "2024-04-16T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T14:55:13.036Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1860", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1860" }, { "name": "RHSA-2024:1861", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1861" }, { "name": "RHSA-2024:1862", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1862" }, { "name": "RHSA-2024:1864", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1864" }, { "name": "RHSA-2024:1866", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1866" }, { "name": "RHSA-2024:1867", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1867" }, { "name": "RHSA-2024:1868", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1868" }, { "name": "RHSA-2024:2945", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "name": "RHSA-2024:3752", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3752" }, { "name": "RHSA-2024:3762", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3762" }, { "name": "RHSA-2024:3919", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3919" }, { "name": "RHSA-2024:3989", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3989" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1132" }, { "name": "RHBZ#2262117", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117" } ], "timeline": [ { "lang": "en", "time": "2024-01-31T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-04-16T00:00:00+00:00", "value": "Made public." } ], "title": "Keycloak: path transversal in redirection validation", "workarounds": [ { "lang": "en", "value": "No current mitigation is available for this vulnerability." } ], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1132", "datePublished": "2024-04-17T13:21:19.130Z", "dateReserved": "2024-01-31T17:07:33.455Z", "dateUpdated": "2024-11-24T14:55:13.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1726
Vulnerability from cvelistv5
Published
2024-04-25 16:29
Modified
2024-11-24 14:50
Severity ?
EPSS score ?
Summary
Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1662 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-1726 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2265158 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat build of Quarkus 3.2.11.Final |
Unaffected: 3.2.11.Final-redhat-00001 < * cpe:/a:redhat:quarkus:3.2::el8 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1726", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-26T20:10:39.915513Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:00:54.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:48:21.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1726" }, { "name": "RHBZ#2265158", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3.2::el8" ], "defaultStatus": "affected", "packageName": "io.quarkus/quarkus-resteasy-reactive", "product": "Red Hat build of Quarkus 3.2.11.Final", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "3.2.11.Final-redhat-00001", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "io.quarkus.resteasy.reactive/resteasy-reactive", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Michal Vav\u0159\u00edk (Red Hat)." } ], "datePublic": "2024-02-19T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T14:50:46.457Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1662" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-1726" }, { "name": "RHBZ#2265158", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265158" } ], "timeline": [ { "lang": "en", "time": "2024-02-19T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-02-19T00:00:00+00:00", "value": "Made public." } ], "title": "Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-281: Improper Preservation of Permissions" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-1726", "datePublished": "2024-04-25T16:29:04.615Z", "dateReserved": "2024-02-21T21:51:58.713Z", "dateUpdated": "2024-11-24T14:50:46.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4244
Vulnerability from cvelistv5
Published
2023-09-25 19:20
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
Codehaus-plexus: directory traversal
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:2135 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:3906 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2022-4244 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2149841 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | RHINT Camel-K-1.10.1 |
cpe:/a:redhat:camel_k:1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-4244", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-03T18:17:37.759702Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:16:33.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "name": "RHSA-2023:3906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:3906" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4244" }, { "name": "RHBZ#2149841", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149841" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:camel_k:1" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "RHINT Camel-K-1.10.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" ], "defaultStatus": "unaffected", "product": "RHPAM 7.13.1 async", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:a_mq_clients:2" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "A-MQ Clients 2", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:amq_online:1" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat A-MQ Online", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat build of Apache Camel for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat Decision Manager 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "plexus-utils", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "maven:3.6/plexus-utils", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "maven:3.8/plexus-utils", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "maven:3.8/plexus-utils", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "plexus-utils", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_quarkus:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Integration Camel Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Integration Change Data Capture", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:service_registry:2" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat Integration Service Registry", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:amq_broker:7" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss A-MQ 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:6" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Enterprise Application Platform 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:6" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Fuse 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_fuse_service_works:6" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Fuse Service Works 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_web_server:3" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Web Server 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_web_server:5" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat JBoss Web Server 5", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "unaffected", "packageName": "codehaus-plexus", "product": "Red Hat OpenShift Application Runtimes", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "codehaus-plexus", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "unaffected", "packageName": "org.codehaus.plexus-plexus-utils", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-byte-buddy", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven-archiver", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-assembly-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-compiler-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven-jar-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-plugin-bundle", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-maven-remote-resources-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-shade-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-source-plugin", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "affected", "packageName": "rh-maven36-maven-surefire", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_software_collections:3" ], "defaultStatus": "unaffected", "packageName": "rh-maven36-plexus-utils", "product": "Red Hat Software Collections", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:openshift_application_runtimes:1.0" ], "defaultStatus": "affected", "packageName": "codehaus-plexus", "product": "Red Hat support for Spring Boot", "vendor": "Red Hat" } ], "datePublic": "2022-12-01T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T15:32:27.644Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:2135", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "name": "RHSA-2023:3906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:3906" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4244" }, { "name": "RHBZ#2149841", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149841" } ], "timeline": [ { "lang": "en", "time": "2022-12-01T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2022-12-01T00:00:00+00:00", "value": "Made public." } ], "title": "Codehaus-plexus: directory traversal", "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4244", "datePublished": "2023-09-25T19:20:04.703Z", "dateReserved": "2022-12-01T06:39:33.189Z", "dateUpdated": "2024-08-03T01:34:49.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-7885
Vulnerability from cvelistv5
Published
2024-08-21 14:13
Modified
2024-11-15 21:05
Severity ?
EPSS score ?
Summary
Undertow: improper state management in proxy protocol parsing causes information leakage
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:6508 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:6883 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7441 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7442 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7735 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:7736 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-7885 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2305290 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 < 2.2.36.Final Version: 2.3.0.Alpha1 < 2.3.17.Final |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7885", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T15:21:22.416004Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-21T15:21:42.735Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-10-11T22:03:18.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20241011-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "defaultStatus": "unaffected", "packageName": "undertow", "versions": [ { "lessThan": "2.2.36.Final", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.3.17.Final", "status": "affected", "version": "2.3.0.Alpha1", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:3.20.7" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.2" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.18-1.GA_redhat_00003.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.18-1.GA_redhat_00003.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-undertow", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" ], "defaultStatus": "affected", "packageName": "eap7-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:7.4.18-1.GA_redhat_00003.1.el7eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-amazon-ion-java", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.9-2.redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-eap-product-conf-parent", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:800.3.1-2.GA_redhat_00002.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.14-2.SP2_redhat_00001.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:8.0.3-13.GA_redhat_00007.1.el8eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-amazon-ion-java", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.9-2.redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-eap-product-conf-parent", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:800.3.1-2.GA_redhat_00002.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-undertow", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.14-2.SP2_redhat_00001.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" ], "defaultStatus": "affected", "packageName": "eap8-wildfly", "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:8.0.3-13.GA_redhat_00007.1.el9eap", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhboac_hawtio:4" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel - HawtIO", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:quarkus:3" ], "defaultStatus": "unaffected", "packageName": "io.quarkus/quarkus-undertow", "product": "Red Hat build of Quarkus", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "unknown", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank BfC for reporting this issue." } ], "datePublic": "2024-08-07T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:05:05.285Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:6508", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6508" }, { "name": "RHSA-2024:6883", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6883" }, { "name": "RHSA-2024:7441", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7441" }, { "name": "RHSA-2024:7442", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7442" }, { "name": "RHSA-2024:7735", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7735" }, { "name": "RHSA-2024:7736", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:7736" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-7885" }, { "name": "RHBZ#2305290", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290" } ], "timeline": [ { "lang": "en", "time": "2024-08-16T09:00:41.686000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-08-07T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: improper state management in proxy protocol parsing causes information leakage", "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-7885", "datePublished": "2024-08-21T14:13:36.579Z", "dateReserved": "2024-08-16T15:35:47.357Z", "dateUpdated": "2024-11-15T21:05:05.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }