Vulnerability Description
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Single Sign-On | 7.0 |
| Red Hat | OpenShift Container Platform | 4.9 |
| Red Hat | OpenShift Container Platform for IBM Z | 4.9 |
| Red Hat | OpenShift Container Platform for LinuxONE | 4.9 |
| Red Hat | OpenShift Container Platform for Power | 4.9 |
| Red Hat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:1047 (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2022-4039 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2143416 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2022-4039?
CVE-2022-4039 is a vulnerability with a CVSS score of 8.0 (HIGH). A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to de...
How severe is CVE-2022-4039?
CVE-2022-4039 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-4039?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat Single Sign-On, Red Hat OpenShift Container Platform, Red Hat OpenShift Container Platform for IBM Z, Red Hat OpenShift Container Platform for LinuxONE, Red Hat OpenShift Container Platform for Power.