CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
10.6%
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application’s build, so the resulting application inherits the values captured at build time when it runs. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the quarkus.* namespace. Application-specific properties are not captured. In practice, the environment and .env file used for a release build should be checked for test-only quarkus.* settings before the artifact is shipped.
[
{
"vendor": "Red Hat",
"product": "Red Hat AMQ Streams 2.7.0",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apicurio Registry 2.6.1 GA",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "quarkus-core",
"cpes": [
"cpe:/a:redhat:apicurio_registry:2.6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus 3.2.12.Final",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "io.quarkus/quarkus-core",
"defaultStatus": "affected",
"versions": [
{
"version": "3.2.12.Final-redhat-00001",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:quarkus:3.2::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus 3.8.4.redhat",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "io.quarkus/quarkus-core",
"defaultStatus": "affected",
"versions": [
{
"version": "3.8.4.redhat-00002",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_application_runtimes:1.0"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/client-kn-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-controller-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-istio-controller-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-kafka-broker-controller-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-kafka-broker-receiver-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-mtbroker-filter-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-mtchannel-broker-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-mtping-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-storage-version-migration-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/eventing-webhook-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/func-utils-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/ingress-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/knative-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/kn-cli-artifacts-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/kourier-control-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/net-istio-controller-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/net-istio-webhook-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serverless-operator-bundle",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serverless-rhel8-operator",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-5",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-activator-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-autoscaler-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-controller-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-queue-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/serving-webhook-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1/svls-must-gather-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1-tech-preview/backstage-plugins-eventmesh-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.33.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "RHOSS-1.33-RHEL-8",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "1.12.0-4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift_serverless:1.33::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apache Camel for Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:camel_quarkus:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apache Camel - HawtIO",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:rhboac_hawtio:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Build of Keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of OptaPlanner 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "io.quarkus/quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:quarkus:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Integration Camel K",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:integration:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Integration Camel Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "quarkus-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:camel_quarkus:2"
]
}
]