CVE-2022-4039: Rhsso-container-image: unsecured management interface exposed to adjecent network
First published: Wed Nov 16 2022(Updated: )
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Single Sign-on | =7.0 | |
| Redhat Openshift Container Platform | =4.9 | |
| Redhat Openshift Container Platform | =4.10 | |
| Redhat Openshift Container Platform For Ibm Z | =4.9 | |
| Redhat Openshift Container Platform For Ibm Z | =4.10 | |
| Redhat Openshift Container Platform For Linuxone | =4.9 | |
| Redhat Openshift Container Platform For Linuxone | =4.10 | |
| Redhat Openshift Container Platform For Power | =4.9 | |
| Redhat Openshift Container Platform For Power | =4.10 | |
| Redhat Enterprise Linux | =8.0 | |
| redhat/Red Hat Single Sign-On | <7.6.2 | 7.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2022-4039.
What is the severity of CVE-2022-4039?
The severity of CVE-2022-4039 is critical with a CVSS score of 9.8.
Which software is affected by CVE-2022-4039?
Red Hat Single Sign-On for OpenShift container images with an unsecured management interface enabled is affected by CVE-2022-4039.
How can an attacker exploit CVE-2022-4039?
An attacker can exploit CVE-2022-4039 by using the unsecured management interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
Is there a fix available for CVE-2022-4039?
Yes, a fix is available for CVE-2022-4039. It is recommended to update to Red Hat Single Sign-On version 7.6.2.
- collector/nvd-api
- collector/redhat-cve
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-4039
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- vendor/redhat
- canonical/redhat single sign-on
- version/redhat single sign-on/7.0
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.9
- version/redhat openshift container platform/4.10
- canonical/redhat openshift container platform for ibm z
- version/redhat openshift container platform for ibm z/4.9
- version/redhat openshift container platform for ibm z/4.10
- canonical/redhat openshift container platform for linuxone
- version/redhat openshift container platform for linuxone/4.9
- version/redhat openshift container platform for linuxone/4.10
- canonical/redhat openshift container platform for power
- version/redhat openshift container platform for power/4.9
- version/redhat openshift container platform for power/4.10
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- package-manager/redhat