CVE-2022-23635 — Vulnetix

CVE-2022-23635 PUBLISHED CVSS 8.699999809265137 HIGH

In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.

EPSS 0.68% · 72.0th percentile

Risk Scores

CVSS 4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.68%

72.0th percentile

Affected Products

Vendor	Product	Versions
Amazon	Amazon Linux 2
Gentoo	Gentoo Linux
Red Hat	Red Hat Enterprise Linux
Red Hat	Red Hat OpenShift Container Platform 4
Oracle	Oracle Linux

Timeline

Feb 22, 2022 CVE Published
Feb 23, 2022 EPSS Score
Feb 25, 2022 CVE Updated
Apr 16, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Jul 30, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Feb 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 15, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0970.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0970 advisory
https://access.redhat.com/errata/RHSA-2022:4668 advisory
https://access.redhat.com/errata/RHSA-2022:1275 advisory
https://access.redhat.com/errata/RHSA-2022:1276 advisory
https://access.redhat.com/errata/RHSA-2022:1679 advisory
https://linux.oracle.com/errata/ELSA-2022-9362.html advisory
https://security.gentoo.org/glsa/202208-02 advisory
https://linux.oracle.com/errata/ELSA-2022-7129.html advisory
https://access.redhat.com/errata/RHSA-2022:7129 advisory
https://access.redhat.com/errata/RHSA-2022:7457 advisory
https://access.redhat.com/errata/RHSA-2022:7954 advisory
https://alas.aws.amazon.com/AL2/ALAS-2023-2303.html advisory
https://access.redhat.com/errata/RHSA-2024:2944 advisory

Open in Interactive Console →