Dave Baker

**Name of the Vulnerable Software and Affected Versions** Red Hat Single Sign On versions 7.x **Description** The issue allows an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of their choosing, originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may gather information about hosts and ports they do not have access to scan directly. **Recommendations** For Red Hat Single Sign On version 7.x, consider restricting access to the "Test Connection" feature in the application console to minimize the risk of exploitation. As a temporary workaround, disabling the "Test Connection" functionality may help until a more permanent solution is available.

**Name of the Vulnerable Software and Affected Versions** Red Hat Quay versions prior to 3.3.1 **Description** An information disclosure issue was found in Red Hat Quay. This flaw allows an attacker who can create a build trigger in a repository to disclose the names of robot accounts and the existence of private repositories within any namespace. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Syndesis (affected versions not specified) **Description** The issue is related to the configuration of Syndesis, specifically with Cross-Origin Resource Sharing (CORS) set to allow all origins, which could be exploited by an attacker to conduct phishing attacks and gain unauthorized access to information. Additionally, there is a vulnerability related to insufficient input validation, which could allow an attacker to obtain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.