Vulnerability Monitor

CVE-2022-4039


A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.


Published: 2023-09-22T15:15:09.847

Last Modified: 2024-11-21T07:34:29.670

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 8.0 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-276
  • Type: Primary
    CWE-276

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | single_sign-on | 7.0 | Yes |
| Application | redhat | openshift_container_platform | 4.9 | Yes |
| Application | redhat | openshift_container_platform | 4.10 | Yes |
| Application | redhat | openshift_container_platform_for_ibm_z | 4.9 | Yes |
| Application | redhat | openshift_container_platform_for_ibm_z | 4.10 | Yes |
| Application | redhat | openshift_container_platform_for_linuxone | 4.9 | Yes |
| Application | redhat | openshift_container_platform_for_linuxone | 4.10 | Yes |
| Application | redhat | openshift_container_platform_for_power | 4.9 | Yes |
| Application | redhat | openshift_container_platform_for_power | 4.10 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | No |

References