CVE-2022-2048 (GCVE-0-2022-2048)
Vulnerability from cvelistv5 – Published: 2022-07-07 20:35 – Updated: 2024-08-03 00:24

| URL | Tags |
|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j | x_refsource_CONFIRM |
| https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2022/09/09/2 | mailing-list, x_refsource_MLIST |
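
| Vendor | Product | Version |
|---|---|---|
| The Eclipse Foundation | Eclipse Jetty | Affected: 9.4.0 , < unspecified (custom); Affected: unspecified , ≤ 9.4.46 (custom); Affected: 10.0.0 , < unspecified (custom); Affected: unspecified , ≤ 10.0.9 (custom); Affected: 11.0.0 , < unspecified (custom); Affected: unspecified , ≤ 11.0.9 (custom) |

Read the version entries in pairs: each release line is affected from its lower bound through its upper bound, i.e. 9.4.0 through 9.4.46, 10.0.0 through 10.0.9, and 11.0.0 through 11.0.9. The NVD CPE data embedded in the record below instead gives exclusive upper bounds of 9.4.47, 10.0.9 and 11.0.9, so for the 10.x and 11.x lines confirm the first fixed release against the vendor advisory before treating 10.0.9 or 11.0.9 as patched.
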
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.4.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-410",
"description": "CWE-410",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T14:06:11.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2022-2048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.0"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.46"
},
{
"version_affected": "\u003e=",
"version_value": "10.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.9"
},
{
"version_affected": "\u003e=",
"version_value": "11.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.9"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-410"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-664"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2022-2048",
"datePublished": "2022-07-07T20:35:09.000Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-2048",
"date": "2026-05-29",
"epss": "0.00668",
"percentile": "0.7162"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2048\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2022-07-07T21:15:10.150\",\"lastModified\":\"2024-11-21T07:00:13.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.\"},{\"lang\":\"es\",\"value\":\"En la implementaci\u00f3n del servidor Eclipse Jetty HTTP/2, cuando es encontrada una petici\u00f3n HTTP/2 no v\u00e1lida, el manejo de errores presenta un error que puede terminar por no limpiar apropiadamente las conexiones activas y los recursos asociados. Esto puede conllevar a un escenario de denegaci\u00f3n de servicio en el que no queden recursos suficientes para procesar las peticiones 
buenas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-410\"},{\"lang\":\"en\",\"value\":\"CWE-664\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\
"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.47\",\"matchCriteriaId\":\"A055068C-4D71-4DDD-AEFF-E39982FD8DC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.9\",\"matchCriteriaId\":\"DB90B12D-86AF-4A9F-8C44-0213FA056919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.9\",\"matchCriteriaId\":\"FC65CE45-D006-4A65-81EA-B7D0397DCA2B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"214712B6-59AF-4B5E-84BF-AF3C74A390EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire_\\\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D452B464-1200-4B72-9A89-42DC58486191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.263\
",\"matchCriteriaId\":\"FB750FC4-A7B8-464B-9CF1-02BAC0A5121B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"2.361.1\",\"matchCriteriaId\":\"F1570EF2-F7AD-4D7A-B13C-5F729E218E0F\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/09/2\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220901-0006/\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5198\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/09/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220901-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Eclipse Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "3.11 (OpenShift Container Platform), 7 (Jboss Fuse), 10 (Debian GNU/Linux), 13.0 (Queens) (Red Hat OpenStack Platform), 7 (JBoss A-MQ), 11 (Debian GNU/Linux), 4.8 (OpenShift Container Platform), 4.9 (OpenShift Container Platform), \u043e\u0442 10.0.0 \u0434\u043e 10.0.9 (Jetty), - (Red Hat JBoss A-MQ Streams), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 11.0.0 \u0434\u043e 11.0.9 (Jetty), \u0434\u043e 9.4.47 (Jetty), 4.11 (OpenShift Developer Tools and Services for OCP)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Eclipse Jetty:\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j\nhttps://github.com/eclipse/jetty.project/issues/7935\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-2048\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-2048\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f jetty9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 9.4.39+repack-3+deb11u1osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.07.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05681",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-2048",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenShift Container Platform, Jboss Fuse, Debian GNU/Linux, Red Hat OpenStack Platform, JBoss A-MQ, Jetty, Red Hat JBoss A-MQ Streams, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), OpenShift Developer Tools and Services for OCP",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u043e\u0432 Eclipse Jetty, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u0439 \u043e\u0431\u044a\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-410), \u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0435\u0433\u043e \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f (CWE-664)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u043e\u0432 Eclipse Jetty \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e , \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j\nhttps://github.com/eclipse/jetty.project/issues/7935\nhttps://security-tracker.debian.org/tracker/CVE-2022-2048\nhttps://access.redhat.com/security/cve/CVE-2022-2048\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-410, CWE-664",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
bit-jenkins-2022-2048
Vulnerability from bitnami_vulndb
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jenkins",
"purl": "pkg:bitnami/jenkins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.361.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-2048"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.",
"id": "BIT-jenkins-2022-2048",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T10:58:27.765Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
}
],
"schema_version": "1.5.0"
}
CERTFR-2022-AVI-952
Vulnerability from certfr_avis - Published: 2022-10-26 - Updated: 2022-10-26
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar SIEM versions 7.5 ant\u00e9rieures \u00e0 7.5.0 Update Pack 3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.4 ant\u00e9rieures \u00e0 7.4.3 Fix Pack 7",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2022-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30973"
},
{
"name": "CVE-2021-38185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38185"
},
{
"name": "CVE-2022-25169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25169"
},
{
"name": "CVE-2022-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25762"
},
{
"name": "CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2022-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1966"
},
{
"name": "CVE-2022-2047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-1154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1154"
},
{
"name": "CVE-2022-30126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30126"
},
{
"name": "CVE-2022-29885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29885"
},
{
"name": "CVE-2022-33879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33879"
},
{
"name": "CVE-2021-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3634"
}
],
"initial_release_date": "2022-10-26T00:00:00",
"last_revision_date": "2022-10-26T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-952",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6831853 du 25 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6831853"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6831855 du 25 octobre 2022",
"url": "https://www.ibm.com/support/pages/node/6831855"
}
]
}
CERTFR-2023-AVI-0357
Vulnerability from certfr_avis - Published: 2023-05-05 - Updated: 2023-05-05
De multiples vulnérabilités ont été découvertes dans IBM Cognos. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cognos Command Center version 10.2.4.1 sans le correctif de s\u00e9curit\u00e9 IF17",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"name": "CVE-2020-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2022-420004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-420004"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2022-2047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2022-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2018-12536",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12536"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-2191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2191"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2022-38707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38707"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2019-10247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10247"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2015-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2023-05-05T00:00:00",
"last_revision_date": "2023-05-05T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0357",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Cognos.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Cognos",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6988263 du 04 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6988263"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6983274 du 04 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6983274"
}
]
}
FKIE_CVE-2022-2048
Vulnerability from fkie_nvd - Published: 2022-07-07 21:15 - Updated: 2024-11-21 07:00
Severity: 7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | element_plug-in_for_vcenter_server | - | |
| netapp | management_services_for_element_software_and_netapp_hci | - | |
| netapp | snapcenter | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| netapp | hci_compute_node | - | |
| jenkins | jenkins | * | |
| jenkins | jenkins | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A055068C-4D71-4DDD-AEFF-E39982FD8DC7",
"versionEndExcluding": "9.4.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB90B12D-86AF-4A9F-8C44-0213FA056919",
"versionEndExcluding": "10.0.9",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC65CE45-D006-4A65-81EA-B7D0397DCA2B",
"versionEndExcluding": "11.0.9",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB750FC4-A7B8-464B-9CF1-02BAC0A5121B",
"versionEndExcluding": "2.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "F1570EF2-F7AD-4D7A-B13C-5F729E218E0F",
"versionEndExcluding": "2.361.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
},
{
"lang": "es",
"value": "En la implementaci\u00f3n del servidor Eclipse Jetty HTTP/2, cuando es encontrada una petici\u00f3n HTTP/2 no v\u00e1lida, el manejo de errores presenta un error que puede terminar por no limpiar apropiadamente las conexiones activas y los recursos asociados. Esto puede conllevar a un escenario de denegaci\u00f3n de servicio en el que no queden recursos suficientes para procesar las peticiones buenas"
}
],
"id": "CVE-2022-2048",
"lastModified": "2024-11-21T07:00:13.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-07T21:15:10.150",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"source": "emo@eclipse.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-410"
},
{
"lang": "en",
"value": "CWE-664"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WGMR-MF83-7X4J
Vulnerability from github – Published: 2022-07-07 20:55 – Updated: 2022-07-19 19:42
Description
Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.
Impact
A malicious client may render the server unresponsive.
Patches
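The fix is available in Jetty versions 9.4.47, 10.0.10, and 11.0.10. Note that the NVD CPE ranges reproduced elsewhere on this page use versionEndExcluding 10.0.9 and 11.0.9, which leaves those two releases unmatched even though this advisory's fixed versions and the CVE record's ≤ 10.0.9 / ≤ 11.0.9 ranges place them in the affected set; version checks for the 10.x and 11.x lines should key on 10.0.10 and 11.0.10.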
Workarounds
No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy)
For more information
If you have any questions or comments about this advisory: * Email us at security@webtide.com.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.4.47"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-server"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty.http2:http2-server"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-2048"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-410"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T20:55:40Z",
"nvd_published_at": "2022-07-07T21:15:00Z",
"severity": "HIGH"
},
"details": "### Description\nInvalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread.\nIf the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response.\nIf this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service.\n\n### Impact\nA malicious client may render the server unresponsive.\n\n### Patches\nThe fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10.\n\n### Workarounds\nNo workaround available within Jetty itself.\nOne possible workaround is to filter the requests before sending them to Jetty (for example in a proxy)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at security@webtide.com.\n",
"id": "GHSA-wgmr-mf83-7x4j",
"modified": "2022-07-19T19:42:51Z",
"published": "2022-07-07T20:55:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse/jetty.project"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220901-0006"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service"
}
GSD-2022-2048
Vulnerability from gsd - Updated: 2023-12-13 01:19
{
"GSD": {
"alias": "CVE-2022-2048",
"description": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.",
"id": "GSD-2022-2048",
"references": [
"https://www.suse.com/security/cve/CVE-2022-2048.html",
"https://www.debian.org/security/2022/dsa-5198",
"https://access.redhat.com/errata/RHSA-2022:8652",
"https://access.redhat.com/errata/RHSA-2023:0017",
"https://access.redhat.com/errata/RHSA-2023:0189",
"https://access.redhat.com/errata/RHSA-2023:0777"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-2048"
],
"details": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.",
"id": "GSD-2022-2048",
"modified": "2023-12-13T01:19:19.598476Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2022-2048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.0"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.46"
},
{
"version_affected": "\u003e=",
"version_value": "10.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "10.0.9"
},
{
"version_affected": "\u003e=",
"version_value": "11.0.0"
},
{
"version_affected": "\u003c=",
"version_value": "11.0.9"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-410"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-664"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,9.4.47),[10.0.0,10.0.10),[11.0.0,11.0.10)",
"affected_versions": "All versions before 9.4.47, all versions starting from 10.0.0 before 10.0.10, all versions starting from 11.0.0 before 11.0.10",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2022-07-19",
"description": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.",
"fixed_versions": [
"9.4.47",
"10.0.10",
"11.0.10"
],
"identifier": "CVE-2022-2048",
"identifiers": [
"GHSA-wgmr-mf83-7x4j",
"CVE-2022-2048"
],
"not_impacted": "All versions starting from 9.4.47 before 10.0.0, all versions starting from 10.0.10 before 11.0.0, all versions starting from 11.0.10",
"package_slug": "maven/org.eclipse.jetty.http2/http2-server",
"pubdate": "2022-07-07",
"solution": "Upgrade to versions 9.4.47, 10.0.10, 11.0.10 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"https://github.com/advisories/GHSA-wgmr-mf83-7x4j"
],
"uuid": "0dc5d816-0e91-4815-8ba3-e6081ace386d"
},
{
"affected_range": "[2.263,2.361.1)",
"affected_versions": "All versions after 2.263 before 2.361.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2023-07-24",
"description": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.",
"fixed_versions": [
"2.361.1"
],
"identifier": "CVE-2022-2048",
"identifiers": [
"CVE-2022-2048",
"GHSA-wgmr-mf83-7x4j"
],
"not_impacted": "",
"package_slug": "maven/org.jenkins-ci.main/jenkins-core",
"pubdate": "2022-07-07",
"solution": "Upgrade to version 2.361.1 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"https://www.debian.org/security/2022/dsa-5198",
"https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html",
"https://security.netapp.com/advisory/ntap-20220901-0006/",
"http://www.openwall.com/lists/oss-security/2022/09/09/2"
],
"uuid": "b1355173-632d-4935-89c2-d24170f5754c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.9",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.9",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.361.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.263",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2022-2048"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
},
{
"name": "DSA-5198",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5198"
},
{
"name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0006/"
},
{
"name": "[oss-security] 20220909 Vulnerability in Jenkins",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/09/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-24T13:16Z",
"publishedDate": "2022-07-07T21:15Z"
}
}
}
OPENSUSE-SU-2024:12182-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.48-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.48-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12182",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12182-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2047 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2048 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2048/"
}
],
"title": "jetty-annotations-9.4.48-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12182-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-annotations-9.4.48-1.1.aarch64",
"product_id": "jetty-annotations-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-ant-9.4.48-1.1.aarch64",
"product_id": "jetty-ant-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-cdi-9.4.48-1.1.aarch64",
"product_id": "jetty-cdi-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-client-9.4.48-1.1.aarch64",
"product_id": "jetty-client-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-continuation-9.4.48-1.1.aarch64",
"product_id": "jetty-continuation-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-deploy-9.4.48-1.1.aarch64",
"product_id": "jetty-deploy-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-fcgi-9.4.48-1.1.aarch64",
"product_id": "jetty-fcgi-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-http-9.4.48-1.1.aarch64",
"product_id": "jetty-http-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-http-spi-9.4.48-1.1.aarch64",
"product_id": "jetty-http-spi-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-io-9.4.48-1.1.aarch64",
"product_id": "jetty-io-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-jaas-9.4.48-1.1.aarch64",
"product_id": "jetty-jaas-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-jmx-9.4.48-1.1.aarch64",
"product_id": "jetty-jmx-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-jndi-9.4.48-1.1.aarch64",
"product_id": "jetty-jndi-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-jsp-9.4.48-1.1.aarch64",
"product_id": "jetty-jsp-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-openid-9.4.48-1.1.aarch64",
"product_id": "jetty-openid-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-plus-9.4.48-1.1.aarch64",
"product_id": "jetty-plus-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-proxy-9.4.48-1.1.aarch64",
"product_id": "jetty-proxy-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-quickstart-9.4.48-1.1.aarch64",
"product_id": "jetty-quickstart-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-rewrite-9.4.48-1.1.aarch64",
"product_id": "jetty-rewrite-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-security-9.4.48-1.1.aarch64",
"product_id": "jetty-security-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-server-9.4.48-1.1.aarch64",
"product_id": "jetty-server-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-servlet-9.4.48-1.1.aarch64",
"product_id": "jetty-servlet-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-servlets-9.4.48-1.1.aarch64",
"product_id": "jetty-servlets-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-start-9.4.48-1.1.aarch64",
"product_id": "jetty-start-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-util-9.4.48-1.1.aarch64",
"product_id": "jetty-util-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.48-1.1.aarch64",
"product_id": "jetty-util-ajax-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-webapp-9.4.48-1.1.aarch64",
"product_id": "jetty-webapp-9.4.48-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.48-1.1.aarch64",
"product": {
"name": "jetty-xml-9.4.48-1.1.aarch64",
"product_id": "jetty-xml-9.4.48-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-annotations-9.4.48-1.1.ppc64le",
"product_id": "jetty-annotations-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-ant-9.4.48-1.1.ppc64le",
"product_id": "jetty-ant-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-cdi-9.4.48-1.1.ppc64le",
"product_id": "jetty-cdi-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-client-9.4.48-1.1.ppc64le",
"product_id": "jetty-client-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-continuation-9.4.48-1.1.ppc64le",
"product_id": "jetty-continuation-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-deploy-9.4.48-1.1.ppc64le",
"product_id": "jetty-deploy-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.48-1.1.ppc64le",
"product_id": "jetty-fcgi-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-http-9.4.48-1.1.ppc64le",
"product_id": "jetty-http-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.48-1.1.ppc64le",
"product_id": "jetty-http-spi-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-io-9.4.48-1.1.ppc64le",
"product_id": "jetty-io-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-jaas-9.4.48-1.1.ppc64le",
"product_id": "jetty-jaas-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-jmx-9.4.48-1.1.ppc64le",
"product_id": "jetty-jmx-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-jndi-9.4.48-1.1.ppc64le",
"product_id": "jetty-jndi-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-jsp-9.4.48-1.1.ppc64le",
"product_id": "jetty-jsp-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-openid-9.4.48-1.1.ppc64le",
"product_id": "jetty-openid-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-plus-9.4.48-1.1.ppc64le",
"product_id": "jetty-plus-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-proxy-9.4.48-1.1.ppc64le",
"product_id": "jetty-proxy-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.48-1.1.ppc64le",
"product_id": "jetty-quickstart-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.48-1.1.ppc64le",
"product_id": "jetty-rewrite-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-security-9.4.48-1.1.ppc64le",
"product_id": "jetty-security-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-server-9.4.48-1.1.ppc64le",
"product_id": "jetty-server-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-servlet-9.4.48-1.1.ppc64le",
"product_id": "jetty-servlet-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-servlets-9.4.48-1.1.ppc64le",
"product_id": "jetty-servlets-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-start-9.4.48-1.1.ppc64le",
"product_id": "jetty-start-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-util-9.4.48-1.1.ppc64le",
"product_id": "jetty-util-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.48-1.1.ppc64le",
"product_id": "jetty-util-ajax-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-webapp-9.4.48-1.1.ppc64le",
"product_id": "jetty-webapp-9.4.48-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.48-1.1.ppc64le",
"product": {
"name": "jetty-xml-9.4.48-1.1.ppc64le",
"product_id": "jetty-xml-9.4.48-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.48-1.1.s390x",
"product": {
"name": "jetty-annotations-9.4.48-1.1.s390x",
"product_id": "jetty-annotations-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.48-1.1.s390x",
"product": {
"name": "jetty-ant-9.4.48-1.1.s390x",
"product_id": "jetty-ant-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.48-1.1.s390x",
"product": {
"name": "jetty-cdi-9.4.48-1.1.s390x",
"product_id": "jetty-cdi-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.48-1.1.s390x",
"product": {
"name": "jetty-client-9.4.48-1.1.s390x",
"product_id": "jetty-client-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.48-1.1.s390x",
"product": {
"name": "jetty-continuation-9.4.48-1.1.s390x",
"product_id": "jetty-continuation-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.48-1.1.s390x",
"product": {
"name": "jetty-deploy-9.4.48-1.1.s390x",
"product_id": "jetty-deploy-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.48-1.1.s390x",
"product": {
"name": "jetty-fcgi-9.4.48-1.1.s390x",
"product_id": "jetty-fcgi-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.48-1.1.s390x",
"product": {
"name": "jetty-http-9.4.48-1.1.s390x",
"product_id": "jetty-http-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.48-1.1.s390x",
"product": {
"name": "jetty-http-spi-9.4.48-1.1.s390x",
"product_id": "jetty-http-spi-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.48-1.1.s390x",
"product": {
"name": "jetty-io-9.4.48-1.1.s390x",
"product_id": "jetty-io-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.48-1.1.s390x",
"product": {
"name": "jetty-jaas-9.4.48-1.1.s390x",
"product_id": "jetty-jaas-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.48-1.1.s390x",
"product": {
"name": "jetty-jmx-9.4.48-1.1.s390x",
"product_id": "jetty-jmx-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.48-1.1.s390x",
"product": {
"name": "jetty-jndi-9.4.48-1.1.s390x",
"product_id": "jetty-jndi-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.48-1.1.s390x",
"product": {
"name": "jetty-jsp-9.4.48-1.1.s390x",
"product_id": "jetty-jsp-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.48-1.1.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.s390x",
"product_id": "jetty-minimal-javadoc-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.48-1.1.s390x",
"product": {
"name": "jetty-openid-9.4.48-1.1.s390x",
"product_id": "jetty-openid-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.48-1.1.s390x",
"product": {
"name": "jetty-plus-9.4.48-1.1.s390x",
"product_id": "jetty-plus-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.48-1.1.s390x",
"product": {
"name": "jetty-proxy-9.4.48-1.1.s390x",
"product_id": "jetty-proxy-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.48-1.1.s390x",
"product": {
"name": "jetty-quickstart-9.4.48-1.1.s390x",
"product_id": "jetty-quickstart-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.48-1.1.s390x",
"product": {
"name": "jetty-rewrite-9.4.48-1.1.s390x",
"product_id": "jetty-rewrite-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.48-1.1.s390x",
"product": {
"name": "jetty-security-9.4.48-1.1.s390x",
"product_id": "jetty-security-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.48-1.1.s390x",
"product": {
"name": "jetty-server-9.4.48-1.1.s390x",
"product_id": "jetty-server-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.48-1.1.s390x",
"product": {
"name": "jetty-servlet-9.4.48-1.1.s390x",
"product_id": "jetty-servlet-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.48-1.1.s390x",
"product": {
"name": "jetty-servlets-9.4.48-1.1.s390x",
"product_id": "jetty-servlets-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.48-1.1.s390x",
"product": {
"name": "jetty-start-9.4.48-1.1.s390x",
"product_id": "jetty-start-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.48-1.1.s390x",
"product": {
"name": "jetty-util-9.4.48-1.1.s390x",
"product_id": "jetty-util-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.48-1.1.s390x",
"product": {
"name": "jetty-util-ajax-9.4.48-1.1.s390x",
"product_id": "jetty-util-ajax-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.48-1.1.s390x",
"product": {
"name": "jetty-webapp-9.4.48-1.1.s390x",
"product_id": "jetty-webapp-9.4.48-1.1.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.48-1.1.s390x",
"product": {
"name": "jetty-xml-9.4.48-1.1.s390x",
"product_id": "jetty-xml-9.4.48-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-annotations-9.4.48-1.1.x86_64",
"product_id": "jetty-annotations-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-ant-9.4.48-1.1.x86_64",
"product_id": "jetty-ant-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-cdi-9.4.48-1.1.x86_64",
"product_id": "jetty-cdi-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-client-9.4.48-1.1.x86_64",
"product_id": "jetty-client-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-continuation-9.4.48-1.1.x86_64",
"product_id": "jetty-continuation-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-deploy-9.4.48-1.1.x86_64",
"product_id": "jetty-deploy-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-fcgi-9.4.48-1.1.x86_64",
"product_id": "jetty-fcgi-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-http-9.4.48-1.1.x86_64",
"product_id": "jetty-http-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-http-spi-9.4.48-1.1.x86_64",
"product_id": "jetty-http-spi-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-io-9.4.48-1.1.x86_64",
"product_id": "jetty-io-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-jaas-9.4.48-1.1.x86_64",
"product_id": "jetty-jaas-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-jmx-9.4.48-1.1.x86_64",
"product_id": "jetty-jmx-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-jndi-9.4.48-1.1.x86_64",
"product_id": "jetty-jndi-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-jsp-9.4.48-1.1.x86_64",
"product_id": "jetty-jsp-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-openid-9.4.48-1.1.x86_64",
"product_id": "jetty-openid-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-plus-9.4.48-1.1.x86_64",
"product_id": "jetty-plus-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-proxy-9.4.48-1.1.x86_64",
"product_id": "jetty-proxy-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-quickstart-9.4.48-1.1.x86_64",
"product_id": "jetty-quickstart-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-rewrite-9.4.48-1.1.x86_64",
"product_id": "jetty-rewrite-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-security-9.4.48-1.1.x86_64",
"product_id": "jetty-security-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-server-9.4.48-1.1.x86_64",
"product_id": "jetty-server-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-servlet-9.4.48-1.1.x86_64",
"product_id": "jetty-servlet-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-servlets-9.4.48-1.1.x86_64",
"product_id": "jetty-servlets-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-start-9.4.48-1.1.x86_64",
"product_id": "jetty-start-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-util-9.4.48-1.1.x86_64",
"product_id": "jetty-util-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.48-1.1.x86_64",
"product_id": "jetty-util-ajax-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-webapp-9.4.48-1.1.x86_64",
"product_id": "jetty-webapp-9.4.48-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.48-1.1.x86_64",
"product": {
"name": "jetty-xml-9.4.48-1.1.x86_64",
"product_id": "jetty-xml-9.4.48-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-annotations-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-annotations-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x"
},
"product_reference": "jetty-annotations-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-annotations-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-ant-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-ant-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x"
},
"product_reference": "jetty-ant-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-ant-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-cdi-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-cdi-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x"
},
"product_reference": "jetty-cdi-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-cdi-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-client-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-client-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x"
},
"product_reference": "jetty-client-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-client-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-continuation-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-continuation-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x"
},
"product_reference": "jetty-continuation-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-continuation-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-deploy-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-deploy-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x"
},
"product_reference": "jetty-deploy-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-deploy-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-fcgi-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x"
},
"product_reference": "jetty-fcgi-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-fcgi-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-http-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-http-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x"
},
"product_reference": "jetty-http-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-http-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-http-spi-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x"
},
"product_reference": "jetty-http-spi-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-http-spi-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-io-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-io-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x"
},
"product_reference": "jetty-io-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-io-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-jaas-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-jaas-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x"
},
"product_reference": "jetty-jaas-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-jaas-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-jmx-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-jmx-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x"
},
"product_reference": "jetty-jmx-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-jmx-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-jndi-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-jndi-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x"
},
"product_reference": "jetty-jndi-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-jndi-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-jsp-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-jsp-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x"
},
"product_reference": "jetty-jsp-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-jsp-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-openid-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-openid-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x"
},
"product_reference": "jetty-openid-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-openid-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-plus-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-plus-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x"
},
"product_reference": "jetty-plus-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-plus-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-proxy-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-proxy-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x"
},
"product_reference": "jetty-proxy-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-proxy-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-quickstart-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x"
},
"product_reference": "jetty-quickstart-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-quickstart-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-rewrite-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x"
},
"product_reference": "jetty-rewrite-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-rewrite-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-security-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-security-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x"
},
"product_reference": "jetty-security-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-security-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-server-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-server-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x"
},
"product_reference": "jetty-server-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-server-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-servlet-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-servlet-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x"
},
"product_reference": "jetty-servlet-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-servlet-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-servlets-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-servlets-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x"
},
"product_reference": "jetty-servlets-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-servlets-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-start-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-start-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x"
},
"product_reference": "jetty-start-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-start-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-util-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-util-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x"
},
"product_reference": "jetty-util-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-util-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x"
},
"product_reference": "jetty-util-ajax-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-webapp-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-webapp-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x"
},
"product_reference": "jetty-webapp-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-webapp-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.48-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64"
},
"product_reference": "jetty-xml-9.4.48-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.48-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le"
},
"product_reference": "jetty-xml-9.4.48-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.48-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x"
},
"product_reference": "jetty-xml-9.4.48-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.48-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
},
"product_reference": "jetty-xml-9.4.48-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2047"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty versions 9.4.0 thru 9.4.46, 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2047",
"url": "https://www.suse.com/security/cve/CVE-2022-2047"
},
{
"category": "external",
"summary": "SUSE Bug 1201317 for CVE-2022-2047",
"url": "https://bugzilla.suse.com/1201317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-2047"
},
{
"cve": "CVE-2022-2048",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2048"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2048",
"url": "https://www.suse.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "SUSE Bug 1201316 for CVE-2022-2048",
"url": "https://bugzilla.suse.com/1201316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.48-1.1.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.48-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-2048"
}
]
}
RHSA-2022:8652
Vulnerability from csaf_redhat - Published: 2022-11-28 14:39 - Updated: 2026-05-14 22:32
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of a URL. This issue allows bypassing the protocol validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
The fix for CVE-2021-21290 was incomplete, and this flaw covers the remaining issue in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in PostgreSQL. This flaw allows an attacker to benefit from a missing character escape, leading to a SQL injection attack through the java.sql.ResultSet.refreshRow() implementation in the PostgreSQL JDBC driver.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
A flaw was found in the HSQLDB package. By default, untrusted input can call any static method of any Java class in the classpath, resulting in remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.11.1
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)\n\n* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [fuse-7] (CVE-2021-3717)\n\n* json-smart: Denial of Service in JSONParserByteArray function [fuse-7] (CVE-2021-31684)\n\n* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7] (CVE-2021-44906)\n\n* urijs: Authorization Bypass Through User-Controlled Key [fuse-7] (CVE-2022-0613)\n\n* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections [fuse-7] (CVE-2022-25857)\n\n* urijs: Leading white space bypasses protocol validation [fuse-7] (CVE-2022-24723)\n\n* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)\n\n* netty: world readable temporary file containing sensitive data [fuse-7] (CVE-2022-24823)\n\n* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [fuse-7] (CVE-2022-31197)\n\n* commons-configuration2: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)\n\n* commons-text: apache-commons-text: variable interpolation RCE [fuse-7] (CVE-2022-42889)\n\n* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)\n\n* moment: inefficient parsing algorithm resulting in DoS [fuse-7] (CVE-2022-31129)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7] (CVE-2022-38749)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8652",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "2055496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055496"
},
{
"category": "external",
"summary": "2062370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062370"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2102695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102695"
},
{
"category": "external",
"summary": "2105067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105067"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129428"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8652.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:32:56+00:00",
"generator": {
"date": "2026-05-14T22:32:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:8652",
"initial_release_date": "2022-11-28T14:39:27+00:00",
"revision_history": [
{
"date": "2022-11-28T14:39:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-28T14:39:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.11.1",
"product": {
"name": "Red Hat Fuse 7.11.1",
"product_id": "Red Hat Fuse 7.11.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-8331",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1686454"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: XSS in the tooltip or popover data-template attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-8331"
},
{
"category": "external",
"summary": "RHBZ#1686454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
}
],
"release_date": "2019-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: XSS in the tooltip or popover data-template attribute"
},
{
"cve": "CVE-2021-3717",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-07-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3717"
},
{
"category": "external",
"summary": "RHBZ#1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
},
{
"cve": "CVE-2021-31684",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-06-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2102695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Denial of Service in JSONParserByteArray function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31684"
},
{
"category": "external",
"summary": "RHBZ#2102695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31684"
}
],
"release_date": "2021-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-smart: Denial of Service in JSONParserByteArray function"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-0613",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-02-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055496"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urijs: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0613"
},
{
"category": "external",
"summary": "RHBZ#2055496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0613"
}
],
"release_date": "2022-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urijs: Authorization Bypass Through User-Controlled Key"
},
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-24723",
"cwe": {
"id": "CWE-1173",
"name": "Improper Use of Validation Framework"
},
"discovery_date": "2022-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062370"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urijs: Leading white space bypasses protocol validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24723"
},
{
"category": "external",
"summary": "RHBZ#2062370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24723"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urijs: Leading white space bypasses protocol validation"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-24823",
"cwe": {
"id": "CWE-379",
"name": "Creation of Temporary File in Directory with Insecure Permissions"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087186"
}
],
"notes": [
{
"category": "description",
"text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: world readable temporary file containing sensitive data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected, as it uses netty version 3.6.7, which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24823"
},
{
"category": "external",
"summary": "RHBZ#2087186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
}
],
"release_date": "2022-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: world readable temporary file containing sensitive data"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as a build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerable moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
},
{
"cve": "CVE-2022-31197",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129428"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PostgreSQL. This flaw allows an attacker to take advantage of a missing character escape, which leads to a SQL injection attack through the java.sql.ResultSet.refreshRow() implementation from PGSQL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be presented soon. However, Red Hat Fuse Online (Syndesis) will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31197"
},
{
"category": "external",
"summary": "RHBZ#2129428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129428"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197"
},
{
"category": "external",
"summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2",
"url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2"
}
],
"release_date": "2022-08-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names"
},
{
"cve": "CVE-2022-33980",
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Configuration\u0027s variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite embeds affected commons-configuration2 with Candlepin, however, product is not affected since vulnerable org.apache.commons.configuration2.interpol.Lookup is not exposed in code. Product Security has rated this vulnerability Low for Satellite and there is no harm identified to confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-33980"
},
{
"category": "external",
"summary": "RHBZ#2105067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-33980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33980"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted input to result in remote code execution because, by default, any static method of any Java class in the classpath is available for use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - That external input is unsanitized (no \"allow list\", etc.)\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.11.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T14:39:27+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/",
"product_ids": [
"Red Hat Fuse 7.11.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"Red Hat Fuse 7.11.1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.11.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
}
]
}
RHSA-2023:0017
Vulnerability from csaf_redhat - Published: 2023-01-12 16:49 - Updated: 2026-03-21 04:22
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src | — |
A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The plugin allows attackers who can submit pull requests, but cannot commit directly to the configured Source Control Management (SCM), to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even with the Pipeline configured not to trust them.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded this way and their methods executed. If a suitable Groovy source file is available on the classpath of Jenkins, sandbox protections can be bypassed. No Groovy source files were found in Jenkins core or plugins that could result in attackers executing dangerous code; hence successful exploitation is considered highly unlikely.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A flaw was found in the Jenkins plugin. Affected versions of the Jenkins Mercurial Plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system. This is accomplished by using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src | — |
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.8.56 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2023:0018\n\nSecurity Fix(es):\n\n* Pipeline Shared Groovy Libraries: Untrusted users can modify some\nPipeline libraries in Pipeline Shared Groovy Libraries Plugin\n(CVE-2022-29047)\n* Jenkins plugin: Sandbox bypass vulnerability through implicitly\nallowlisted platform Groovy files in Pipeline: Groovy Plugin\n(CVE-2022-30945)\n* Jenkins plugin: Mercurial SCM plugin can check out from the controller\nfile system (CVE-2022-30948)\n* jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step\nPlugin (CVE-2022-34177)\n* jenkins-plugin: Man-in-the-Middle (MitM) in\norg.jenkins-ci.plugins:git-client (CVE-2022-36881)\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n* Jenkins plugin: CSRF vulnerability in Script Security Plugin\n(CVE-2022-30946)\n* Jenkins plugin: User-scoped credentials exposed to other users by\nPipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin\n(CVE-2022-30954)\n* jenkins: Observable timing discrepancy allows determining username\nvalidity (CVE-2022-34174)\n* jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin\n(CVE-2022-34176)\n* jenkins-plugin: Cross-site Request Forgery (CSRF) in\norg.jenkins-ci.plugins:git (CVE-2022-36882)\n* jenkins plugin: Lack of authentication mechanism in Git Plugin webhook\n(CVE-2022-36883)\n* jenkins plugin: Lack of authentication mechanism in Git Plugin webhook\n(CVE-2022-36884)\n* jenkins plugin: Non-constant time webhook signature comparison in GitHub\nPlugin (CVE-2022-36885)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0017",
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2074855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074855"
},
{
"category": "external",
"summary": "2103548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103548"
},
{
"category": "external",
"summary": "2103551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103551"
},
{
"category": "external",
"summary": "2114755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114755"
},
{
"category": "external",
"summary": "2116840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116840"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2119642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119642"
},
{
"category": "external",
"summary": "2119643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119643"
},
{
"category": "external",
"summary": "2119644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119644"
},
{
"category": "external",
"summary": "2119645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119645"
},
{
"category": "external",
"summary": "2119646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646"
},
{
"category": "external",
"summary": "2119647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647"
},
{
"category": "external",
"summary": "2119653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119653"
},
{
"category": "external",
"summary": "2119656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119656"
},
{
"category": "external",
"summary": "2119657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119657"
},
{
"category": "external",
"summary": "2119658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119658"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0017.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.56 packages and security update",
"tracking": {
"current_release_date": "2026-03-21T04:22:12+00:00",
"generator": {
"date": "2026-03-21T04:22:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:0017",
"initial_release_date": "2023-01-12T16:49:54+00:00",
"revision_history": [
{
"date": "2023-01-12T16:49:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-12T16:49:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T04:22:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.8",
"product": {
"name": "Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.361.1.1672840472-1.el8.src",
"product": {
"name": "jenkins-0:2.361.1.1672840472-1.el8.src",
"product_id": "jenkins-0:2.361.1.1672840472-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.361.1.1672840472-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.8.1672842762-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.8.1672842762-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.8.1672842762-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1672842762-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.361.1.1672840472-1.el8.noarch",
"product": {
"name": "jenkins-0:2.361.1.1672840472-1.el8.noarch",
"product_id": "jenkins-0:2.361.1.1672840472-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.361.1.1672840472-1.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1672842762-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.361.1.1672840472-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch"
},
"product_reference": "jenkins-0:2.361.1.1672840472-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.361.1.1672840472-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
},
"product_reference": "jenkins-0:2.361.1.1672840472-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.8.1672842762-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.8.1672842762-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-29047",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074855"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The plugin allows attackers who can submit pull requests, but cannot commit directly to the configured Source Control Management (SCM), to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even with the Pipeline configured not to trust them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29047"
},
{
"category": "external",
"summary": "RHBZ#2074855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29047"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin"
},
{
"cve": "CVE-2022-30945",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119642"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins Groovy Plugin. The plugin allows pipelines to load Groovy source files. The intent is to allow Global Shared Libraries to execute without sandbox protection. The issue is that the plugin allows any Groovy source files bundled with Jenkins core and plugins to be loaded this way and their methods executed. If a suitable Groovy source file is available on the classpath of Jenkins, sandbox protections can be bypassed. No Groovy source files were found in Jenkins core or plugins that could result in attackers executing dangerous code; hence successful exploitation is considered highly unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30945"
},
{
"category": "external",
"summary": "RHBZ#2119642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119642"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30945"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "plugin: Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Pipeline: Groovy Plugin"
},
{
"cve": "CVE-2022-30946",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119643"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: CSRF vulnerability in Script Security Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30946"
},
{
"category": "external",
"summary": "RHBZ#2119643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30946"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2116"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: CSRF vulnerability in Script Security Plugin"
},
{
"cve": "CVE-2022-30948",
"cwe": {
"id": "CWE-435",
"name": "Improper Interaction Between Multiple Correctly-Behaving Entities"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Mercurial Plugin. Affected versions allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller\u0027s file system by using local paths as SCM URLs, which lets them obtain limited information about other projects\u0027 SCM contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: Mercurial SCM plugin can check out from the controller file system",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30948"
},
{
"category": "external",
"summary": "RHBZ#2119644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30948"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "plugin: Mercurial SCM plugin can check out from the controller file system"
},
{
"cve": "CVE-2022-30952",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119645"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30952"
},
{
"category": "external",
"summary": "RHBZ#2119645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30952",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30952"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30952"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-714"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin"
},
{
"cve": "CVE-2022-30953",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119646"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: CSRF vulnerability in Blue Ocean Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30953"
},
{
"category": "external",
"summary": "RHBZ#2119646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: CSRF vulnerability in Blue Ocean Plugin"
},
{
"cve": "CVE-2022-30954",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119647"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: missing permission checks in Blue Ocean Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30954"
},
{
"category": "external",
"summary": "RHBZ#2119647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: missing permission checks in Blue Ocean Plugin"
},
{
"cve": "CVE-2022-34174",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119653"
}
],
"notes": [
{
"category": "description",
"text": "In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Observable timing discrepancy allows determining username validity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34174"
},
{
"category": "external",
"summary": "RHBZ#2119653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119653"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34174"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566"
}
],
"release_date": "2022-06-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Observable timing discrepancy allows determining username validity"
},
{
"cve": "CVE-2022-34176",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-07-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2103548"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JUnit Jenkins plugin. Manipulation of an unspecified input leads to a cross-site scripting vulnerability that impacts integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34176"
},
{
"category": "external",
"summary": "RHBZ#2103548",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103548"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34176"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2760"
}
],
"release_date": "2022-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin"
},
{
"cve": "CVE-2022-34177",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-07-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2103551"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34177"
},
{
"category": "external",
"summary": "RHBZ#2103551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34177"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705"
}
],
"release_date": "2022-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin"
},
{
"cve": "CVE-2022-36881",
"cwe": {
"id": "CWE-322",
"name": "Key Exchange without Entity Authentication"
},
"discovery_date": "2022-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2114755"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36881"
},
{
"category": "external",
"summary": "RHBZ#2114755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114755"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36881"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-cm7j-p8hc-97vj",
"url": "https://github.com/advisories/GHSA-cm7j-p8hc-97vj"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468",
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468"
}
],
"release_date": "2022-08-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client"
},
{
"cve": "CVE-2022-36882",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116840"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Git Jenkins plugin. The affected versions of the Git Jenkins Plugin allow attackers to trigger the builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36882"
},
{
"category": "external",
"summary": "RHBZ#2116840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36882"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36882",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36882"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284",
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"
}
],
"release_date": "2022-08-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git"
},
{
"cve": "CVE-2022-36883",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119656"
}
],
"notes": [
{
"category": "description",
"text": "A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: Lack of authentication mechanism in Git Plugin webhook",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36883"
},
{
"category": "external",
"summary": "RHBZ#2119656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36883"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284",
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"
}
],
"release_date": "2022-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: Lack of authentication mechanism in Git Plugin webhook"
},
{
"cve": "CVE-2022-36884",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119657"
}
],
"notes": [
{
"category": "description",
"text": "The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers with information about the existence of jobs configured to use an attacker-specified Git repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: Lack of authentication mechanism in Git Plugin webhook",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36884"
},
{
"category": "external",
"summary": "RHBZ#2119657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119657"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36884"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284",
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-284"
}
],
"release_date": "2022-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: Lack of authentication mechanism in Git Plugin webhook"
},
{
"cve": "CVE-2022-36885",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-08-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2119658"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin: Non-constant time webhook signature comparison in GitHub Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"known_not_affected": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36885"
},
{
"category": "external",
"summary": "RHBZ#2119658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36885"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1849",
"url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1849"
}
],
"release_date": "2022-07-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-12T16:49:54+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-0:2.361.1.1672840472-1.el8.src",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1672842762-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin: Non-constant time webhook signature comparison in GitHub Plugin"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.