Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:6407
HistorySep 09, 2022 - 7:10 a.m.

(RHSA-2022:6407) Moderate: Red Hat Integration Camel-K 1.8 security update

2022-09-0907:10:55
access.redhat.com
21
red hat integration
camel-k
cve fixes
dos
unauthorized access
memory corruption
information disclosure

0.802 High

EPSS

Percentile

98.3%

JSON

A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.

Security Fix(es):

  • hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)

  • jetty: request containing multiple Accept headers with a large number of “quality” parameters may lead to DoS (CVE-2020-27223)

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

  • mysql-connector-java: unauthorized access to critical (CVE-2021-2471)

  • lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)

  • undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  • elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)

  • jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)

  • jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)

  • jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)

  • xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

  • resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  • elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 22
nessus 20
ibm 34
openvas 13
suse 2
osv 23
github 7
cve 7
ubuntucve 6
prion 9
redhatcve 8
veracode 10
nvd 8
cvelist 9
cnvd 1
atlassian 5
debian 1
debiancve 4
cgr 2
wolfi 2
freebsd 1
f5 1
vaadin 1
checkpoint_advisories 1
cbl_mariner 1
githubexploit 1
redhat
redhat
(RHSA-2022:5606) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.7 security update
2022-07-19 13:36:43
(RHSA-2021:1509) Moderate: rh-eclipse-jetty security update
2021-05-05 13:15:00
(RHSA-2021:5154) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update
2021-12-15 14:37:22
nessus
nessus
Jetty 10.0.x < 10.0.2 Multiple Vulnerabilities
2021-10-04 00:00:00
Jetty < 9.4.39 Multiple Vulnerabilities
2021-10-04 00:00:00
RHEL 7 : rh-eclipse-jetty (RHSA-2021:1509)
2021-05-06 00:00:00
ibm
ibm
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)
2021-07-14 18:24:26
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM Installation Manager and IBM Packaging Utility
2021-06-24 16:12:12
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Eclipse Jetty (CVE-2021-28163, CVE-2021-28164, CVE-2021-28165)
2021-06-15 19:15:39
openvas
openvas
openSUSE: Security Advisory for jetty-minimal (openSUSE-SU-2021:2005-1)
2021-07-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2005-1)
2021-06-18 00:00:00
Elastic Elasticsearch Information Disclosure Vulnerability (ESA-2021-01)
2021-01-25 00:00:00
suse
suse
Security update for jetty-minimal (important)
2021-07-11 00:00:00
Security update for jsoup, jsr-305 (important)
2022-04-19 00:00:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
BIT-elasticsearch-2021-22137
2024-03-06 10:53:35
BIT-elasticsearch-2021-22132
2024-03-06 10:54:05
github
github
Insufficiently Protected Credentials in Elasticsearch
2021-03-18 19:27:27
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
Improper Privilege Management in Apache Hadoop
2022-02-09 22:17:38
cve
cve
CVE-2021-22137
2021-05-13 18:15:09
CVE-2021-22132
2021-01-14 20:15:13
CVE-2021-20289
2021-03-26 17:15:13
ubuntucve
ubuntucve
CVE-2021-22132
2021-01-14 00:00:00
CVE-2021-20289
2021-03-26 00:00:00
CVE-2021-22137
2021-05-13 00:00:00
prion
prion
Information disclosure
2021-01-14 20:15:00
Input validation
2021-08-18 15:15:00
Design/Logic Flaw
2021-05-13 18:15:00
redhatcve
redhatcve
CVE-2021-22132
2021-02-01 15:13:12
CVE-2021-22137
2021-03-25 14:58:19
CVE-2021-20289
2021-03-16 14:32:50
veracode
veracode
Information Disclosure
2021-03-19 05:35:47
Information Disclosure
2021-05-17 07:46:38
Bypass Of Secure Validation
2021-09-20 03:36:05
nvd
nvd
CVE-2021-22132
2021-01-14 20:15:13
CVE-2021-22137
2021-05-13 18:15:09
CVE-2020-9492
2021-01-26 18:16:10
cvelist
cvelist
CVE-2021-22132
2021-01-14 19:20:12
CVE-2020-9492
2021-01-26 12:55:29
CVE-2021-22137
2021-05-13 17:35:18
cnvd
cnvd
Apache Kafka timing attack vulnerability
2021-09-22 00:00:00
atlassian
atlassian
Vulnerable version of xmlsec used - CVE-2021-40690
2022-03-15 19:56:03
Info Disclosure org.apache.santuario:xmlsec Dependency in Crowd Data Center and Server
2023-12-14 07:45:31
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
2023-11-12 13:45:30
debian
debian
[SECURITY] [DSA 5010-1] libxml-security-java security update
2021-11-15 17:27:50
debiancve
debiancve
CVE-2021-40690
2021-09-19 18:15:07
CVE-2021-28165
2021-04-01 15:15:14
CVE-2021-37714
2021-08-18 15:15:08
cgr
cgr
CVE-2021-38153 vulnerabilities
2024-05-19 03:07:16
CVE-2021-40690 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2021-38153 vulnerabilities
2024-05-29 03:07:31
CVE-2020-36518 vulnerabilities
2024-05-29 03:07:31
freebsd
freebsd
jenkins -- Denial of service vulnerability in bundled Jetty
2021-04-20 00:00:00
f5
f5
K15338344 : Eclipse Jetty vulnerability CVE-2021-28165
2021-10-15 00:00:00
vaadin
vaadin
Denial of service in third-party component in Vaadin 7 and 8
2021-10-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Eclipse Jetty Denial Of Service (CVE-2020-27223)
2021-04-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-37714 affecting package jsoup 1.11.3-3
2024-07-03 03:08:37
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Eclipse Jetty
2021-03-19 03:50:45

0.802 High

EPSS

Percentile

98.3%

JSON
Related for RHSA-2022:6407
redhat22nessus20ibm34openvas13suse2osv23github7cve7ubuntucve6prion9redhatcve8veracode10nvd8cvelist9cnvd1atlassian5debian1debiancve4cgr2wolfi2freebsd1f51vaadin1checkpoint_advisories1cbl_mariner1githubexploit1