RHSA-2022:8964: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
First published: Tue Dec 13 2022(Updated: )
The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues.<br>Security Fix(es):<br><li> keycloak: path traversal via double URL encoding (CVE-2022-3782)</li> <li> keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.<br>You can find images updated by this advisory in Red Hat Container Catalog (see References).
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/severity
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/tags
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2022:8964