PT-2023-1508 · Red Hat · Red Hat Single Sign-On

Chess Hazlett

Publicado

2023-03-01

Atualizado

2023-09-26

CVE-2022-4039

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Red Hat Single Sign-On for OpenShift container images (affected versions not specified)

Description A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. The issue is related to the default access control settings of the Keycloak identity and access management tool, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

BDU:2023-00935

CVE-2022-4039

Produtos afetados

Red Hat Single Sign-On

PT-2023-1508 · Red Hat · Red Hat Single Sign-On

CVE-2022-4039

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11