๐Ÿ” CVE Alert

CVE-2022-4039

HIGH 8.0

Rhsso-container-image: unsecured management interface exposed to adjacent network

CVSS Score: 8.0
EPSS Score: 0.0%
EPSS Percentile: 0th

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

CWE: CWE-276
Vendor: Red Hat
Product: RHEL-8 based Middleware Containers
Published: Sep 22, 2023
Last Updated: Sep 24, 2024

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Red Hat / RHEL-8 based Middleware Containers: All versions affected
Red Hat / Red Hat Single Sign-On 7: All versions affected

References

access.redhat.com: https://access.redhat.com/errata/RHSA-2023:1047
access.redhat.com: https://access.redhat.com/security/cve/CVE-2022-4039
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2143416

Credits

This issue was discovered by Thibault Guittet (Red Hat).