What is CVE-2022-3259?

CVE-2022-3259 is a vulnerability in Openshift 4.9 that allows man-in-the-middle (MITM) attacks due to the lack of HTTP Strict Transport Security (HSTS).

What is the severity of CVE-2022-3259?

The severity of CVE-2022-3259 is high with a CVSS score of 7.4.

How does CVE-2022-3259 affect Openshift 4.9?

CVE-2022-3259 affects Openshift 4.9 by not using HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks.

How can I fix CVE-2022-3259?

To fix CVE-2022-3259, update Openshift to version 4.12.0-202301042257.p0.g77bec7a.assembly.stream.el9 or later.

Where can I find more information about CVE-2022-3259?

You can find more information about CVE-2022-3259 at the following references: [CVE-2022-3259](https://www.cve.org/CVERecord?id=CVE-2022-3259), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-3259), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2103220), [Red Hat Advisory](https://access.redhat.com/errata/RHSA-2022:7398).

Vulnerability/
CVE-2022-3259

high

7.4

CWE

665

30/6/2022

9/12/2022

3/8/2024

CVE-2022-3259

First published: Thu Jun 30 2022(Updated: )

Description of problem: HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header, it will prevent communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers. Version-Release number of selected component (if applicable): 4.9 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: All data that is shared between windows must have explicit origins to avoid eavesdropping. It is recommended to avoid using "*" for the "targetOrigin" in order to prevent a broadcast of the information. It is also important to validate any message that is received from another window. Additional info:

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/openshift	<0:4.12.0-202301042257.p0.g77bec7a.assembly.stream.el9	0:4.12.0-202301042257.p0.g77bec7a.assembly.stream.el9
redhat/openshift	<0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8	0:4.13.0-202304211155.p0.gb404935.assembly.stream.el8
Redhat Openshift	=4.9

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-3259?
CVE-2022-3259 is a vulnerability in Openshift 4.9 that allows man-in-the-middle (MITM) attacks due to the lack of HTTP Strict Transport Security (HSTS).
What is the severity of CVE-2022-3259?
The severity of CVE-2022-3259 is high with a CVSS score of 7.4.
How does CVE-2022-3259 affect Openshift 4.9?
CVE-2022-3259 affects Openshift 4.9 by not using HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks.
How can I fix CVE-2022-3259?
To fix CVE-2022-3259, update Openshift to version 4.12.0-202301042257.p0.g77bec7a.assembly.stream.el9 or later.
Where can I find more information about CVE-2022-3259?
You can find more information about CVE-2022-3259 at the following references: [CVE-2022-3259](https://www.cve.org/CVERecord?id=CVE-2022-3259), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-3259), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2103220), [Red Hat Advisory](https://access.redhat.com/errata/RHSA-2022:7398).

collector/redhat-cve
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-3259
agent/last-modified-date
agent/author
agent/references
agent/severity
agent/weakness
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
package-manager/redhat
vendor/redhat
canonical/redhat openshift
version/redhat openshift/4.9