First published: Thu Oct 27 2022(Updated: )
A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images. Details are linked in the References section.<br>Security Fix(es):<br><li> jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)</li> <li> tika-core: incomplete fix for CVE-2022-30126 (CVE-2022-30973)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of RHSA-2022:7257 is classified as low.
RHSA-2022:7257 addresses vulnerabilities related to Jetty's ConcatServlet and WelcomeFilter that improperly allow access to protected resources.
To fix RHSA-2022:7257, you should update to the latest minor version of Red Hat Camel K as indicated in the advisory.
RHSA-2022:7257 affects Red Hat Camel K and its associated base images.
Users affected by RHSA-2022:7257 are advised to promptly apply the updates to mitigate the identified vulnerabilities.