PT-2023-1508 · Red Hat · Red Hat Single Sign-On
Chess Hazlett
+1
·
Published
2023-03-01
·
Updated
2023-09-26
·
CVE-2022-4039
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Red Hat Single Sign-On for OpenShift container images (affected versions not specified)
Description
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. The issue is related to the default access control settings of the Keycloak identity and access management tool, which can be exploited by a remote attacker to execute arbitrary code.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Single Sign-On