Rhsso-container-image: unsecured management interface exposed to adjecent network
CVE-2022-4039

8HIGH

Key Information:

Vendor
Red Hat
Vendor
CVE Published:
22 September 2023

Summary

A security concern has been identified in Red Hat Single Sign-On for OpenShift container images. When configured with an unsecured management interface, this vulnerability enables attackers to exploit the interface to deploy malicious code. This could lead to unauthorized access and modifications to sensitive information within the application server configuration, posing significant risks to the integrity and confidentiality of the application.

Affected Version(s)

RHEL-8 based Middleware Containers 7.6-20

References

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Thibault Guittet (Red Hat).
.