Rhsso-container-image: unsecured management interface exposed to adjecent network
CVE-2022-4039

8HIGH

Key Information:

Vendor
Red Hat
Status
Rhel-8 Based Middleware Containers
Red Hat Single Sign-on 7
Vendor
CVE Published:
22 September 2023

Summary

A security concern has been identified in Red Hat Single Sign-On for OpenShift container images. When configured with an unsecured management interface, this vulnerability enables attackers to exploit the interface to deploy malicious code. This could lead to unauthorized access and modifications to sensitive information within the application server configuration, posing significant risks to the integrity and confidentiality of the application.

Affected Version(s)

RHEL-8 based Middleware Containers 7.6-20

References

https://access.redhat.com/errata/RHSA-2023:1047
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2022-4039
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2143416
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Thibault Guittet (Red Hat).
.