CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

Published: Sep 22, 2023
Updated: Sep 27, 2023
CVE: CVE-2022-4039
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
redhat / single_sign-on	7.0	7.0.x
redhat / openshift_container_platform	4.9	4.9.x
redhat / openshift_container_platform	4.10	4.10.x
redhat / openshift_container_platform_for_ibm_z	4.9	4.9.x
redhat / openshift_container_platform_for_ibm_z	4.10	4.10.x
redhat / openshift_container_platform_for_linuxone	4.9	4.9.x
redhat / openshift_container_platform_for_linuxone	4.10	4.10.x
redhat / openshift_container_platform_for_power	4.9	4.9.x
redhat / openshift_container_platform_for_power	4.10	4.10.x

Vulnerability Database

289,599

CVE-2022-4039