VDB
CVE-2022-23539
CVE-2022-23539
PUBLISHED
Es existiert eine Schwachstelle in Red Hat OpenShift. Bestimmte Versionen der jsonwebtoken-Bibliothek können falsch konfiguriert werden, so dass veraltete, unsichere Schlüsseltypen für die Signaturprüfung verwendet werden. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
EPSS 0.08% · 24.2th percentile
Risk Scores
EPSS Score
0.08%
24.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM MQ 9.2 | |
| Red Hat | Red Hat Enterprise Linux | |
| IBM | IBM MQ 9.1 | |
| IBM | IBM MQ 9.0 | |
| IBM | IBM Tivoli Business Service Manager 6.2.0 | |
| HCL | HCL BigFix | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat OpenShift Data Foundation 4 | |
| IBM | IBM Integration Bus 10.0.0.0 - 10.0.0.26 |
Exploit Intelligence
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- security_jwt_test.go (github-poc)
…and 7 more exploits
Timeline
- Dec 22, 2022 CVE Published
- Dec 23, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Jul 19, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Oct 10, 2023 EPSS Score
- Nov 20, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0218.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0218 advisory
- https://www.ibm.com/support/pages/node/6890605 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1295.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1295 advisory
- https://access.redhat.com/errata/RHSA-2023:3645 advisory
- https://access.redhat.com/errata/RHSA-2023:3265 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1208.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1208 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-035866b576 advisory
- https://www.ibm.com/support/pages/node/7030667 advisory
- https://www.ibm.com/support/pages/node/7023212 advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104732 advisory