Rhsso-container-image: unsecured management interface exposed to adjecent network
CVE-2022-4039
8HIGH
Key Information:
- Vendor
- Red Hat
- Vendor
- CVE Published:
- 22 September 2023
Summary
A security concern has been identified in Red Hat Single Sign-On for OpenShift container images. When configured with an unsecured management interface, this vulnerability enables attackers to exploit the interface to deploy malicious code. This could lead to unauthorized access and modifications to sensitive information within the application server configuration, posing significant risks to the integrity and confidentiality of the application.
Affected Version(s)
RHEL-8 based Middleware Containers 7.6-20
References
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Thibault Guittet (Red Hat).