VDB
CVE-2022-0552
CVE-2022-0552
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.
EPSS 0.21% · 43.5th percentile
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.21%
43.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | origin-aggregated-logging | 3.11 |
| n/a | origin-aggregated-logging/elasticsearch | origin-aggregated-logging versions 3.11 |
Exploit Intelligence
Timeline
- Apr 11, 2022 CVE Published
- Apr 12, 2022 EPSS Score
- Jun 1, 2022 EPSS Score
- Jul 23, 2022 EPSS Score
- Sep 11, 2022 EPSS Score
- Oct 31, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- May 20, 2023 EPSS Score
- Jul 9, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2052539 url
- https://access.redhat.com/security/cve/CVE-2021-21409 url
- https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d url
- https://nvd.nist.gov/vuln/detail/CVE-2022-0552 advisory
- https://access.redhat.com/errata/RHSA-2022:0721 url
- https://access.redhat.com/errata/RHSA-2022:0727 url
- https://access.redhat.com/errata/RHSA-2022:0728 url
- https://access.redhat.com/security/cve/CVE-2022-0552 url