ID

VAR-202302-0482


CVE

CVE-2022-4304


TITLE

OpenSSL  side-channel vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003736

DESCRIPTION

A timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker who had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages, the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. (CVE-2022-4304)

A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. (CVE-2023-0215)

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow a malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, neither of which needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Bug Fix(es):
* Requested TSC frequency outside tolerance range & TSC scaling not supported (BZ#2151169)
* User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io" (BZ#2160673)
* 4.11.4 containers (BZ#2173835)
* VMI with x86_Icelake fail when mpx feature is missing (BZ#2218193)

3. Bugs fixed (https://bugzilla.redhat.com/):
2151169 - Requested TSC frequency outside tolerance range & TSC scaling not supported
2160673 - User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io"
2173835 - 4.11.4 containers
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2218193 - VMI with x86_Icelake fail when mpx feature is missing

5.
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.13.5 security update
Advisory ID: RHSA-2023:4091-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4091
Issue date: 2023-07-20
CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2022-41717 CVE-2022-41723 CVE-2022-46663 CVE-2023-0215 CVE-2023-0361 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-1255 CVE-2023-1260 CVE-2023-2253 CVE-2023-2650 CVE-2023-2700 CVE-2023-3089 CVE-2023-24329 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-27561 CVE-2023-29400 CVE-2023-32067

1. Summary: Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2023:4093

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):
* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* distribution/distribution: DoS from malicious API request (CVE-2023-2253)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

3. Solution: For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures.
The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:
(For x86_64 architecture) The image digest is sha256:af19e94813478382e36ae1fa2ae7bbbff1f903dded6180f4eb0624afe6fc6cd4
(For s390x architecture) The image digest is sha256:d4d2c747fade057e55f64e02a34bb752bd2cd1484b02f029d0842d346f872870
(For ppc64le architecture) The image digest is sha256:48466f0b7c86292379c5d987ec37f0d4a4cc26a69357374e127a7293b230c943
(For aarch64 architecture) The image digest is sha256:e9afcbe007e2440d2b862dc7709138df73dd851421d69c7f39f195301e0cda53

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2189886 - CVE-2023-2253 distribution/distribution: DoS from malicious API request

5. JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-10326 - Re-enable operator-install-single-namespace.spec.ts test
OCPBUGS-11143 - [Azure] Replace master failed as new master did not add into lb backend
OCPBUGS-11974 - User telemetry is broken (inaccurate) due to the fact that page titles are not unique.
OCPBUGS-12206 - [4.13] Keep systemd journal using LZ4 compression (via new env var)
OCPBUGS-12256 - ptp operator socket management need rework since a few test case fails due to cleaning up the file before other processes are terminated.
OCPBUGS-12743 - [4.13] SNO cluster deployment failing due to authentication and console CO in degraded state
OCPBUGS-12785 - [release-4.13] Enable/Disable plugin options are not shown on Operator details page
OCPBUGS-13311 - Kubelet CA file not written by MCD firstboot
OCPBUGS-13323 - [4.13] Bootimage bump tracker
OCPBUGS-13642 - [release-4.13] OLM k8sResourcePrefix x-descriptor dropdown unexpectedly clears selections
OCPBUGS-13747 - [4.13] cgroupv1 support for cpu balancing is broken for non-SNO nodes
OCPBUGS-13752 - AdditionalTrustBundle is only included when doing mirroring
OCPBUGS-13809 - OVN image pre-puller pod uses `imagePullPolicy: Always` and blocks upgrade when there is no registry
OCPBUGS-13812 - [azure] Installer doesn't validate diskType on ASH which lead to install fails with unsupported disktype
OCPBUGS-14030 - Invalid CA certificate bundle provided by service account token
OCPBUGS-14166 - Make Serverless form is broken
OCPBUGS-14189 - Route Checkbox getting checked even if it is unchecked during editing the Serverless Function form
OCPBUGS-14251 - Add new console metrics to cluster-monitoring-operator telemetry configuration (4.13)
OCPBUGS-14267 - [Openshift Pipelines] Metrics page is broken
OCPBUGS-14310 - Could not import multiple resources via JSON (while YAML supports this)
OCPBUGS-14318 - [release-4.13] gather podDisruptionBudget only from openshift namespaces
OCPBUGS-14336 - [Openshift Pipelines] Link to Openshift Route from service is breaking because of hardcoded value of targetPort
OCPBUGS-14426 - Failed to list Kepler CSV
OCPBUGS-14459 - The MCD repeats a "State and Reason" log line even when nothing is happening
OCPBUGS-14482 - Sync RHEL9 Dockerfiles to regular Dockerfiles
OCPBUGS-14598 - Update Jenkins to use 4.13 images
OCPBUGS-14773 - (release-4.13) gather "gateway-mode-config" config map from "openshift-network-operator" namespace
OCPBUGS-14867 - When installing SNO with bootstrap in place it takes cluster-policy-controller 6 minutes to acquire the leader lease
OCPBUGS-14916 - images: RHEL-8-based container image is broken
OCPBUGS-14943 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup')
OCPBUGS-15031 - (release-4.13) Insights config not correctly deserialized
OCPBUGS-15101 - IngressVIP getting attach to two nodes at once
OCPBUGS-15130 - Helm Repository "Edit" button results in 404
OCPBUGS-15139 - The whereabouts-reconciler should not set an hard-coded node selector on the kubernetes.io/architecture label
OCPBUGS-15161 - CPMS: Surface cpms vs machine diff
OCPBUGS-15171 - CPO doesn't skip AWS resource deletion for 'Unknown' OIDC state
OCPBUGS-15187 - images: RHEL-8 container image is missing `xz`
OCPBUGS-15224 - [4.13] openvswitch user is not in the hugetblfs group
OCPBUGS-15225 - while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows
OCPBUGS-15228 - Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart)
OCPBUGS-15230 - Allow installer to use existing Azure NSG during OpenShift IPI install
OCPBUGS-15246 - Bump to kubernetes 1.26.6
OCPBUGS-15281 - Leftover IngressController Preventing Clean Uninstall
OCPBUGS-15289 - GCP XPN Installs Require bindPrivateDNSZone Permission in host project
OCPBUGS-15330 - CPMSO: fix linting issue comment in test
OCPBUGS-15335 - PipelineRun failed with log 'Tasks Completed: 3 (Failed: 1, Cancelled 0), Skipped: 1.'
OCPBUGS-15360 - Serverless functions UI warning is misleading
OCPBUGS-15372 - [4.13z] Duplicate acls cause network policy failure for namespaces with long names (>61 chars)
OCPBUGS-15376 - [4.13] Cleanup Tech debt: remove unused repo code
OCPBUGS-15410 - [release-4.13] Add Git Repository (PAC) doesn't setup GitLab and Bitbucket configuration correct
OCPBUGS-15434 - [GWAPI] [4.13.z] The DNS provider failed to ensure the record, invalid value for name (gcp)
OCPBUGS-15457 - python-grpcio and python-protobuf are unneeded dependencies
OCPBUGS-15463 - [release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13]
OCPBUGS-15465 - [CI Watcher] Testing uninstall of Business Automation Operator "attempts to uninstall the Operator and delete all Operand Instances, shows 'Error Deleting Operands' alert"
OCPBUGS-15476 - Network Operator not setting its version and blocking upgrade completion
OCPBUGS-15481 - [CI Watcher] Broken pipeline-plugin e2e tests: PipelineResource CRD isn't installed anymore
OCPBUGS-15512 - HCP Service Loadbalancer uses default SecurityGroup
OCPBUGS-15515 - CI fails on TestAWSELBConnectionIdleTimeout
OCPBUGS-15557 - TUI stuck on agent installer network boot setup
OCPBUGS-15580 - updated nmstate builds will not work for MCO
OCPBUGS-15585 - [4.13] Cannot fix a misconfigured Egress Firewall
OCPBUGS-15586 - [4.13] NetworkPolicy not working as expected when allowing inbound traffic from any namespace
OCPBUGS-15589 - Dynamic conversion webhook clientConfig not retained as operator installs
OCPBUGS-15591 - GCP bootstrap VM should allow SecureBoot setting on 4.13 clusters
OCPBUGS-15606 - Can't use git lfs in BuildConfig git source with strategy Docker
OCPBUGS-15608 - [release-4.13] Clean up old RHEL9 dockerfiles to reduce confusion
OCPBUGS-15720 - Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions
OCPBUGS-15721 - Helm Chart installation form hangs on create if JSON-schema contains unknown value format
OCPBUGS-15722 - Helm Chart installation screen fails to render if JSON schema contains remote $refs
OCPBUGS-15734 - [4.13] binary should be compiled on RHEL9
OCPBUGS-15736 - TuneD reverts node level profiles on termination
OCPBUGS-15738 - tuned daemonset rprivate default mount propagation with `hostPath: path: /` volumeMount breaks CSI driver relying on multipath
OCPBUGS-15746 - Alibaba clusters are TechPreview and should not be upgradeable
OCPBUGS-15756 - [release-4.13] Bump Jenkins and Jenkins Agent Base image versions
OCPBUGS-15777 - ironic-agent-image PRs permafailing due to udevadm command missing
OCPBUGS-15782 - [OSD] There is no error message shown on node label edit modal
OCPBUGS-15787 - Project admins cannot see 'Pipelines' section in 'import from git' from RHOCP4 web console
OCPBUGS-15808 - [4.13.x] Downstream OLM PSA plug-in is disabled
OCPBUGS-15848 - The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values.
OCPBUGS-15892 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host
OCPBUGS-15962 - ovn-k8s-cni-overlay: /lib64/libc.so.6: version `GLIBC_2.34' not found on 4.12-to-4.13
OCPBUGS-15965 - Active Endpoint Connection blocks cluster uninstallation
OCPBUGS-16084 - [4.13] OCP 4.14.0-ec.3 machine-api-controller pod crashing
OCPBUGS-7762 - openshift-tests does not file Azure Disk zone topology

6. References:
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2022-46663
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-1260
https://access.redhat.com/security/cve/CVE-2023-2253
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/cve/CVE-2023-2700
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-27561
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/cve/CVE-2023-32067
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
This advisory contains OpenShift Virtualization 4.12.5 images.

Bug Fix(es):
* [4.12] must-gather doesn't collect ruletebles (BZ#2208641)
* nft rules are not collected if the VMs are running in the node where must-gather is running (BZ#2214454)
* [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass (BZ#2217913)
* USB-redirection regression (BZ#2221222)

3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):
2027959 - [RFE] virt-launcher pod of Windows VM stuck in terminating state, no button in the UI to force power off
2182056 - Cloned VM should not use the same PVC of the source VM
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2208641 - [4.12] must-gather doesn't collect ruletebles
2209318 - [4.12.z] VM connected to a VLAN is also receiving packets from VLAN 1
2209848 - OpenShift Virtualization Overview page shows no metrics for "All Projects"
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2214454 - nft rules are not collected if the VMs are running in the node where must-gather is running
2216447 - must-gather: Multiple empty files under vms/<vm-name> if the VM was live migrated
2216449 - must-gather is using unavailable brctl command
2217913 - [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass
2220843 - [4.12]Missing StorageProfile defaults for IBM and AWS EFS CSI provisioners
2221222 - USB-redirection regression
2222011 - [4.12]DataImportCron Garbage Collection can mistakenly delete latest PVC

5. Bugs fixed (https://bugzilla.redhat.com/):
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
2185507 - Release of OpenShift Serverless Serving 1.29.0
2185509 - Release of OpenShift Serverless Eventing 1.29.0

5. Summary: The Migration Toolkit for Containers (MTC) 1.7.9 is now available.

Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Description: Red Hat Advanced Cluster Management for Kubernetes 2.6.5 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):
2139426 - CVE-2022-3841 RHACM: unauthenticated SSRF in console API endpoint
2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

5. JIRA issues fixed (https://issues.jboss.org/):
ACM-3516 - ACM 2.6.5 Images

6. This advisory covers the RPM packages for the release.

Bugs fixed (https://bugzilla.redhat.com/):
1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
2126276 - CVE-2021-43138 async: Prototype Pollution in async
2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process

5. JIRA issues fixed (https://issues.redhat.com/):
OSSM-3596 - Port istio-cni fix for RHEL9 to maistra-2.2
OSSM-3720 - Port egress-gateway wrong network gateway endpoints fix in maistra-2.2
OSSM-3783 - operator can deadlock when istiod deployment fails [maistra-2.2]

6

Trust: 2.43

sources: NVD: CVE-2022-4304 // JVNDB: JVNDB-2022-003736 // VULMON: CVE-2022-4304 // PACKETSTORM: 174629 // PACKETSTORM: 173676 // PACKETSTORM: 173895 // PACKETSTORM: 172741 // PACKETSTORM: 172460 // PACKETSTORM: 172147 // PACKETSTORM: 172119 // PACKETSTORM: 172981

AFFECTED PRODUCTS

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 1.6

vendor:stormshieldmodel:network securityscope:gteversion:4.4.0

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:2.8.0

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:4.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:3.0.8

Trust: 1.0

vendor:stormshieldmodel:endpoint securityscope:ltversion:7.2.40

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:4.6.3

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.1

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:3.11.22

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:4.3.16

Trust: 1.0

vendor:stormshieldmodel:sslvpnscope:ltversion:3.2.1

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:2.7.11

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2zg

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:3.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.1t

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:3.8.0

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:2.7.0

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:3.7.34

Trust: 1.0

vendor:日立model:hitachi device managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:日本電気model:nec enhanced speech analysisscope: - version: -

Trust: 0.8

vendor:日立model:jp1/file transmission server/ftpscope: - version: -

Trust: 0.8

vendor:日立model:hitachi global link managerscope: - version: -

Trust: 0.8

vendor:日本電気model:esmpro/serveragentscope: - version: -

Trust: 0.8

vendor:日立model:jp1/service support starter editionscope: - version: -

Trust: 0.8

vendor:日立model:jp1/navigation platformscope: - version: -

Trust: 0.8

vendor:日本電気model:ix ルータscope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope: - version: -

Trust: 0.8

vendor:日立model:jp1/automatic job management system 3 - managerscope: - version: -

Trust: 0.8

vendor:日立model:jp1/it desktop management 2 - smart device managerscope: - version: -

Trust: 0.8

vendor:日本電気model:neoface monitorscope: - version: -

Trust: 0.8

vendor:日本電気model:connexive application platformscope: - version: -

Trust: 0.8

vendor:日立model:jp1/data highway - server starter editionscope: - version: -

Trust: 0.8

vendor:日立model:jp1/it desktop management 2 - operations directorscope: - version: -

Trust: 0.8

vendor:日立model:プログラミング環境 for javascope: - version: -

Trust: 0.8

vendor:日本電気model:istorage t280scope: - version: -

Trust: 0.8

vendor:日立model:hitachi compute systems managerscope: - version: -

Trust: 0.8

vendor:日本電気model:nec ai acceleratorscope: - version: -

Trust: 0.8

vendor:日本電気model:nec multimedia olap for 映像分析サービスscope: - version: -

Trust: 0.8

vendor:日本電気model:istorage v10escope: - version: -

Trust: 0.8

vendor:日本電気model:connexive pfscope: - version: -

Trust: 0.8

vendor:日立model:hitachi replication managerscope: - version: -

Trust: 0.8

vendor:日本電気model:webotx application serverscope: - version: -

Trust: 0.8

vendor:日立model:日立アドバンストサーバ ha8000v シリーズscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:日立model:jp1/automatic job management system 3 - definitions assistantscope: - version: -

Trust: 0.8

vendor:日立model:jp1/snmp system observerscope: - version: -

Trust: 0.8

vendor:日立model:jp1/navigation platform for developersscope: - version: -

Trust: 0.8

vendor:日立model:jp1/operations analyticsscope: - version: -

Trust: 0.8

vendor:日本電気model:spoolserver/reportfilingscope: - version: -

Trust: 0.8

vendor:日立model:jp1/service supportscope: - version: -

Trust: 0.8

vendor:日本電気model:vranscope: - version: -

Trust: 0.8

vendor:日本電気model:istorage v100scope: - version: -

Trust: 0.8

vendor:日立model:jp1/performance managementscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus http serverscope: - version: -

Trust: 0.8

vendor:日本電気model:iot 共通基盤scope: - version: -

Trust: 0.8

vendor:日立model:jp1/it desktop management 2 - managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:日本電気model:得選街・gcbscope: - version: -

Trust: 0.8

vendor:日立model:jp1/automatic operationscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tuning managerscope: - version: -

Trust: 0.8

vendor:日本電気model:webotx sip application serverscope: - version: -

Trust: 0.8

vendor:日立model:hitachi configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:jp1/basescope: - version: -

Trust: 0.8

vendor:日立model:jp1/data highway - serverscope: - version: -

Trust: 0.8

vendor:日本電気model:養殖魚サイズ測定自動化サービスscope: - version: -

Trust: 0.8

vendor:日本電気model:istorage v300scope: - version: -

Trust: 0.8

vendor:日立model:hitachi tiered storage managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-003736 // NVD: CVE-2022-4304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-4304
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-4304
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-4304
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2022-4304
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-4304
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-003736 // NVD: CVE-2022-4304 // NVD: CVE-2022-4304

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003736 // NVD: CVE-2022-4304

PATCH

title:hitachi-sec-2023-135 Software product security informationurl:https://www.openssl.org/news/secadv/20230207.txt

Trust: 0.8

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-4304

Trust: 0.1

title:Amazon Linux AMI: ALAS-2023-1683url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2023-1683

Trust: 0.1

title:Debian Security Advisories: DSA-5343-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b6a11b827fe9cfaea9c113b2ad37856f

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-1935url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1935

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-1934url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1934

Trust: 0.1

title:Palo Alto Networks Security Advisory: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023url:https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory&qid=3092389eb9f034e4b8387a75a5ae33f8

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-4304

Trust: 0.1

sources: VULMON: CVE-2022-4304 // JVNDB: JVNDB-2022-003736

EXTERNAL IDS

db:NVD | id:CVE-2022-4304

Trust: 3.5

db:JVN | id:JVNVU91198149

Trust: 0.8

db:JVN | id:JVNVU92598492

Trust: 0.8

db:JVN | id:JVNVU99752892

Trust: 0.8

db:JVN | id:JVNVU98954443

Trust: 0.8

db:JVN | id:JVNVU99464755

Trust: 0.8

db:JVN | id:JVNVU91676340

Trust: 0.8

db:JVN | id:JVNVU95292697

Trust: 0.8

db:JVN | id:JVNVU95962757

Trust: 0.8

db:JVN | id:JVNVU99836374

Trust: 0.8

db:JVN | id:JVNVU98345649

Trust: 0.8

db:JVN | id:JVNVU90056839

Trust: 0.8

db:JVN | id:JVNVU91482879

Trust: 0.8

db:JVN | id:JVNVU93250330

Trust: 0.8

db:JVN | id:JVNVU97200253

Trust: 0.8

db:JVN | id:JVNVU91213144

Trust: 0.8

db:ICS CERT | id:ICSA-24-205-02

Trust: 0.8

db:ICS CERT | id:ICSA-24-046-15

Trust: 0.8

db:ICS CERT | id:ICSA-23-222-09

Trust: 0.8

db:ICS CERT | id:ICSA-24-102-08

Trust: 0.8

db:ICS CERT | id:ICSA-23-194-04

Trust: 0.8

db:ICS CERT | id:ICSA-25-065-01

Trust: 0.8

db:ICS CERT | id:ICSA-24-165-06

Trust: 0.8

db:ICS CERT | id:ICSA-25-160-02

Trust: 0.8

db:ICS CERT | id:ICSA-24-165-11

Trust: 0.8

db:ICS CERT | id:ICSA-25-044-09

Trust: 0.8

db:ICS CERT | id:ICSA-23-255-01

Trust: 0.8

db:ICS CERT | id:ICSA-23-143-02

Trust: 0.8

db:ICS CERT | id:ICSA-23-320-08

Trust: 0.8

db:ICS CERT | id:ICSA-23-166-11

Trust: 0.8

db:ICS CERT | id:ICSA-24-165-10

Trust: 0.8

db:ICS CERT | id:ICSA-23-075-04

Trust: 0.8

db:JVNDB | id:JVNDB-2022-003736

Trust: 0.8

db:VULMON | id:CVE-2022-4304

Trust: 0.1

db:PACKETSTORM | id:174629

Trust: 0.1

db:PACKETSTORM | id:173676

Trust: 0.1

db:PACKETSTORM | id:173895

Trust: 0.1

db:PACKETSTORM | id:172741

Trust: 0.1

db:PACKETSTORM | id:172460

Trust: 0.1

db:PACKETSTORM | id:172147

Trust: 0.1

db:PACKETSTORM | id:172119

Trust: 0.1

db:PACKETSTORM | id:172981

Trust: 0.1

sources: VULMON: CVE-2022-4304 // PACKETSTORM: 174629 // PACKETSTORM: 173676 // PACKETSTORM: 173895 // PACKETSTORM: 172741 // PACKETSTORM: 172460 // PACKETSTORM: 172147 // PACKETSTORM: 172119 // PACKETSTORM: 172981 // JVNDB: JVNDB-2022-003736 // NVD: CVE-2022-4304

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-4304

Trust: 1.5

url:https://www.openssl.org/news/secadv/20230207.txt

Trust: 1.1

url:https://security.gentoo.org/glsa/202402-08

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2022-4304

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2023-0215

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://bugzilla.redhat.com/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91213144/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99752892/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91676340/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99464755/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95292697/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90056839/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97200253/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92598492/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98954443/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91198149/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99836374/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93250330/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95962757/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91482879/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98345649/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-09

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-02

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-4450

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2023-0361

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2023-0286

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-0215

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-4450

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-0361

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-0286

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2023-3089

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-41723

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-41723

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-41724

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-41725

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2023-23916

Trust: 0.3

url:https://access.redhat.com/security/vulnerabilities/rhsb-2023-001

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-2828

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-3089

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-2828

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-24536

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-24537

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-24534

Trust: 0.2

url:https://issues.redhat.com/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-24329

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-24538

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41717

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-24329

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-36227

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-41724

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-25173

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-27535

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-41725

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-36227

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.2

url:https://issues.jboss.org/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4415

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27664

Trust: 0.2

url:https://github.com/live-hack-cve/cve-2022-4304

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2023-1683.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-38408

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-3899

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-38408

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:5103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-3899

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1255

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0465

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1260

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2253

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4093

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2253

Trust: 0.1

url:https://registry.centos.org/v2/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-24539

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-46663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0464

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1255

Trust: 0.1

url:https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-27561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2700

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-32067

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1260

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4091

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-29400

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24736

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-24540

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24736

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26604

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4421

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2283

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-24540

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-26604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-21938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21967

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21939

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0767

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21930

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-21939

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-21937

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21938

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-21930

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3455

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21937

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0767

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-35737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26719

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-28617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-25173

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-28617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23916

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28861

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48303

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4269

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10735

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2083

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40897

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4378

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28861

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-45061

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4378

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-48303

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0266

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4269

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-45061

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43138

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-39229

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2880

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41715

Trust: 0.1

sources: VULMON: CVE-2022-4304 // PACKETSTORM: 174629 // PACKETSTORM: 173676 // PACKETSTORM: 173895 // PACKETSTORM: 172741 // PACKETSTORM: 172460 // PACKETSTORM: 172147 // PACKETSTORM: 172119 // PACKETSTORM: 172981 // JVNDB: JVNDB-2022-003736 // NVD: CVE-2022-4304

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 174629 // PACKETSTORM: 173676 // PACKETSTORM: 173895 // PACKETSTORM: 172741 // PACKETSTORM: 172460 // PACKETSTORM: 172147 // PACKETSTORM: 172119 // PACKETSTORM: 172981

SOURCES

db:VULMON | id:CVE-2022-4304
db:PACKETSTORM | id:174629
db:PACKETSTORM | id:173676
db:PACKETSTORM | id:173895
db:PACKETSTORM | id:172741
db:PACKETSTORM | id:172460
db:PACKETSTORM | id:172147
db:PACKETSTORM | id:172119
db:PACKETSTORM | id:172981
db:JVNDB | id:JVNDB-2022-003736
db:NVD | id:CVE-2022-4304

LAST UPDATE DATE

2025-09-08T21:00:09.011000+00:00


SOURCES UPDATE DATE

db:VULMON | id:CVE-2022-4304 | date:2023-02-09T00:00:00
db:JVNDB | id:JVNDB-2022-003736 | date:2025-06-12T03:08:00
db:NVD | id:CVE-2022-4304 | date:2025-03-20T21:15:14.890

SOURCES RELEASE DATE

db:VULMON | id:CVE-2022-4304 | date:2023-02-08T00:00:00
db:PACKETSTORM | id:174629 | date:2023-09-12T16:19:34
db:PACKETSTORM | id:173676 | date:2023-07-21T14:40:48
db:PACKETSTORM | id:173895 | date:2023-08-02T15:35:34
db:PACKETSTORM | id:172741 | date:2023-06-06T16:34:53
db:PACKETSTORM | id:172460 | date:2023-05-19T14:41:19
db:PACKETSTORM | id:172147 | date:2023-05-04T14:45:01
db:PACKETSTORM | id:172119 | date:2023-05-03T15:23:05
db:PACKETSTORM | id:172981 | date:2023-06-16T16:26:18
db:JVNDB | id:JVNDB-2022-003736 | date:2023-03-07T00:00:00
db:NVD | id:CVE-2022-4304 | date:2023-02-08T20:15:23.887