RHSA-2023:1285: Important: Migration Toolkit for Runtimes security bug fix and enhancement update
First published: Thu Mar 16 2023(Updated: )
Migration Toolkit for Runtimes 1.0.2 ZIP artifacts<br>Security Fix(es):<br><li> keycloak: path traversal via double URL encoding (CVE-2022-3782)</li> <li> spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)</li> <li> Apache CXF: SSRF Vulnerability (CVE-2022-46364)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2023:1285?
The severity of RHSA-2023:1285 is classified as critical due to multiple vulnerabilities including privilege escalation and path traversal.
How do I fix RHSA-2023:1285?
To fix RHSA-2023:1285, update the Migration Toolkit for Runtimes to the latest available version that addresses the vulnerabilities.
What vulnerabilities are addressed in RHSA-2023:1285?
RHSA-2023:1285 addresses vulnerabilities including CVE-2022-3782 for path traversal and CVE-2022-31690 for privilege escalation.
Who is affected by RHSA-2023:1285?
All users of Migration Toolkit for Runtimes version 1.0.2 and related components are affected by RHSA-2023:1285.
Is there a workaround for RHSA-2023:1285?
No specific workaround is mentioned for RHSA-2023:1285; upgrading to a patched version is recommended.
- agent/severity
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2023:1285
- agent/references
- agent/tags
- agent/event
- agent/source