Lucene search

RedHatRHSA-2023:7725

HistoryDec 11, 2023 - 3:07 p.m.

(RHSA-2023:7725) Moderate: RHACS 4.3 enhancement and security update

2023-12-1115:07:43

access.redhat.com

rhacs 4.3.1

security update

bug fixes

golang dependencies

dexidp

cve-2022-39222

cvss score

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.093

Percentile

94.8%

JSON

This release of RHACS 4.3.1 provides the following bug fixes:

Fixed an issue where a user could not log in if a role mapped to the user did not have at least read access for the Access permission.
Fixed an issue with editing user-defined vulnerability reports in version 4.3 that were created in a previous version and linked to a specific report scope. When editing the report in version 4.3, the report scope reference was missing, and the system returned an error message.
Updated and removed golang dependencies to address reported vulnerabilities, including false positives.

It provides the following security fix(es):

dexidp: gaining access to applications accepting that token (CVE-2022-39222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.