Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-39222 (GCVE-0-2022-39222)
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2025-04-22 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:43.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39222",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:41:13.660223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:20:02.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dex",
"vendor": "dexidp",
"versions": [
{
"status": "affected",
"version": "\u003c 2.35.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
},
{
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
}
],
"source": {
"advisory": "GHSA-vh7g-p26c-j2cw",
"discovery": "UNKNOWN"
},
"title": "OAuth authorization code exposure in Dex"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39222",
"datePublished": "2022-10-06T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:20:02.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-39222\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-10-06T18:16:09.037\",\"lastModified\":\"2024-11-21T07:17:49.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"Dex es un servicio de identidad que usa OpenID Connect para impulsar la autenticaci\u00f3n de otras aplicaciones. Las instancias de Dex con clientes p\u00fablicos (y por extensi\u00f3n, los clientes que aceptan tokens emitidos por esas instancias de Dex) est\u00e1n afectadas por esta vulnerabilidad si est\u00e1n ejecutando una versi\u00f3n anterior a la 2.35.0. Un atacante puede explotar esta vulnerabilidad al hacer que una v\u00edctima navegue a un sitio web malicioso y gui\u00e1ndola mediante el flujo OIDC, robando el c\u00f3digo de autorizaci\u00f3n OAuth en el proceso. El c\u00f3digo de autorizaci\u00f3n puede entonces ser intercambiado por el atacante por un token, consiguiendo acceso a las aplicaciones que aceptan ese token. La versi\u00f3n 2.35.0 ha introducido una correcci\u00f3n para este problema. Es recomendado a usuarios actualizar. No se presentan mitigaciones conocidas para este problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:dex:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.35.0\",\"matchCriteriaId\":\"1B52FCE8-6C6A-4223-97CC-96FA565388BD\"}]}]}],\"references\":[{\"url\":\"https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:00:43.424Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-39222\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:41:13.660223Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:41:15.600Z\"}}], \"cna\": {\"title\": \"OAuth authorization code exposure in Dex\", \"source\": {\"advisory\": \"GHSA-vh7g-p26c-j2cw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"dexidp\", \"product\": \"dex\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.35.0\"}]}], \"references\": [{\"url\": \"https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw\"}, {\"url\": \"https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-10-11T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-39222\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T17:20:02.654Z\", \"dateReserved\": \"2022-09-02T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-10-06T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2022-39222
Vulnerability from fkie_nvd
Published
2022-10-06 18:16
Modified
2024-11-21 07:17
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | dex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:dex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B52FCE8-6C6A-4223-97CC-96FA565388BD",
"versionEndExcluding": "2.35.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Dex es un servicio de identidad que usa OpenID Connect para impulsar la autenticaci\u00f3n de otras aplicaciones. Las instancias de Dex con clientes p\u00fablicos (y por extensi\u00f3n, los clientes que aceptan tokens emitidos por esas instancias de Dex) est\u00e1n afectadas por esta vulnerabilidad si est\u00e1n ejecutando una versi\u00f3n anterior a la 2.35.0. Un atacante puede explotar esta vulnerabilidad al hacer que una v\u00edctima navegue a un sitio web malicioso y gui\u00e1ndola mediante el flujo OIDC, robando el c\u00f3digo de autorizaci\u00f3n OAuth en el proceso. El c\u00f3digo de autorizaci\u00f3n puede entonces ser intercambiado por el atacante por un token, consiguiendo acceso a las aplicaciones que aceptan ese token. La versi\u00f3n 2.35.0 ha introducido una correcci\u00f3n para este problema. Es recomendado a usuarios actualizar. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-39222",
"lastModified": "2024-11-21T07:17:49.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-06T18:16:09.037",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
wid-sec-w-2023-3113
Vulnerability from csaf_certbund
Published
2023-12-11 23:00
Modified
2023-12-11 23:00
Summary
Red Hat Advanced Cluster Security: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Advanced Cluster Security ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Advanced Cluster Security ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3113 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3113.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3113 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3113"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-12-11",
"url": "https://access.redhat.com/errata/RHSA-2023:7725"
}
],
"source_lang": "en-US",
"title": "Red Hat Advanced Cluster Security: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-12-11T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:40.664+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3113",
"initial_release_date": "2023-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux RHACS \u003c 4.3.1",
"product": {
"name": "Red Hat Enterprise Linux RHACS \u003c 4.3.1",
"product_id": "T031600",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.3.1"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-39222",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Advanced Cluster Security. Diese besteht in dem Identit\u00e4tsdienst Dex. Unter bestimmten Umst\u00e4nden ist es einem Angreifer m\u00f6glich, den OAuth-Autorisierungscode zu stehlen und so Zugriff auf auf Anwendungen zu erhalten. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-12-11T23:00:00.000+00:00",
"title": "CVE-2022-39222"
}
]
}
rhsa-2023:7725
Vulnerability from csaf_redhat
Published
2023-12-11 15:09
Modified
2025-08-05 15:21
Summary
Red Hat Security Advisory: RHACS 4.3 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of RHACS 4.3.1 provides the following bug fixes:
* Fixed an issue where a user could not log in if a role mapped to the user did not have at least `read` access for the `Access` permission.
* Fixed an issue with editing user-defined vulnerability reports in version 4.3 that were created in a previous version and linked to a specific report scope. When editing the report in version 4.3, the report scope reference was missing, and the system returned an error message.
* Updated and removed golang dependencies to address reported vulnerabilities, including false positives.
It provides the following security fix(es):
* dexidp: gaining access to applications accepting that token (CVE-2022-39222)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.3.1 provides the following bug fixes:\n\n* Fixed an issue where a user could not log in if a role mapped to the user did not have at least `read` access for the `Access` permission.\n\n* Fixed an issue with editing user-defined vulnerability reports in version 4.3 that were created in a previous version and linked to a specific report scope. When editing the report in version 4.3, the report scope reference was missing, and the system returned an error message.\n\n* Updated and removed golang dependencies to address reported vulnerabilities, including false positives.\n\nIt provides the following security fix(es):\n\n* dexidp: gaining access to applications accepting that token (CVE-2022-39222)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7725",
"url": "https://access.redhat.com/errata/RHSA-2023:7725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.3/release_notes/43-release-notes.html",
"url": "https://docs.openshift.com/acs/4.3/release_notes/43-release-notes.html"
},
{
"category": "external",
"summary": "2253625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253625"
},
{
"category": "external",
"summary": "ROX-20850",
"url": "https://issues.redhat.com/browse/ROX-20850"
},
{
"category": "external",
"summary": "ROX-20927",
"url": "https://issues.redhat.com/browse/ROX-20927"
},
{
"category": "external",
"summary": "ROX-20941",
"url": "https://issues.redhat.com/browse/ROX-20941"
},
{
"category": "external",
"summary": "ROX-21106",
"url": "https://issues.redhat.com/browse/ROX-21106"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7725.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.3 enhancement and security update",
"tracking": {
"current_release_date": "2025-08-05T15:21:51+00:00",
"generator": {
"date": "2025-08-05T15:21:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2023:7725",
"initial_release_date": "2023-12-11T15:09:44+00:00",
"revision_history": [
{
"date": "2023-12-11T15:09:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-11T15:09:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-05T15:21:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.3 for RHEL 8",
"product": {
"name": "RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.3.1-1"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.3.1-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.3.1-10"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.3.1-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.3.1-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.3.1-1"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.3.1-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.3.1-1"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.3.1-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.3.1-10"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.3.1-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.3.1-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.3.1-1"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.3.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.3.1-1"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.3.1-9"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.3.1-10"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.3.1-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.3.1-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.3.1-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.3.1-1"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.3.1-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"relates_to_product_reference": "8Base-RHACS-4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64 as a component of RHACS 4.3 for RHEL 8",
"product_id": "8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64",
"relates_to_product_reference": "8Base-RHACS-4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-39222",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"discovery_date": "2023-12-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253625"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Dex, an identity service that uses OpenID Connect to drive authentication for other apps. This issue may allow an attacker to make a victim navigate to a malicious website and guide them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue; Users are advised to upgrade.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dexidp: gaining access to applications accepting that token",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-39222"
},
{
"category": "external",
"summary": "RHBZ#2253625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-39222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39222"
},
{
"category": "external",
"summary": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw",
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-11T15:09:44+00:00",
"details": "If you are using an earlier version of RHACS 4.3, you are advised to upgrade to patch release 4.3.1.",
"product_ids": [
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7725"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:2e1f7f206a43b16b9eec84a9138d054a1f8c95c9b620d05160ac32bce119e78b_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a5dbf5803835c61387dac05a01a44486a2308a0e9f9f929e88b6a9b3769f8f60_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-central-db-rhel8@sha256:dfd07bd22ae9ff4a14b06009262650b4eedca84551aa02e0c4ae5e14460c2ed5_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:60aaece3ac376416a47e01d834a769609891c8198a1b95bd0bf1a773b79a7cf0_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:6402de73857f6c04a1fd5c770cd3957331b72f696a1945af880f004524b1452b_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-rhel8@sha256:de915faffadfd07bb41e612742380d86138049bd5cc5d51e8d2d81ec5751b29f_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0f559bc90033644e7032cb0a929f55ad4f98177f34d2e1fed5e0d3f2988def4f_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:72a9645719f747b8d2e6b4632f0afa257d14ba1a582df1ccd989d52f98a1dcca_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e2d5f872de74369adde8211f2e002882c2a23e37e817b182fb0721a92a8b3d68_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:5ecf3c2aca847d8df0830ab698fe0e4b1a0216f04495d7e3b6a03440c5359d5a_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:93d6e895f55d2f60c8bf5b10031cc9c025e86f480a7b00cf00dbb54fe4080728_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-main-rhel8@sha256:d25ed99610b530ed8c0b6ba937a6c0822e72ae61022f57c26f0cc775fabf6a21_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:3a37d9f7751f0ec55eed03df0acd851c0a0c83249aee98850293b94f8dd2eb04_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:7e704564f53831e7e01c5c8298d42270a49c0dad6327b80832cf34419da00fca_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-operator-bundle@sha256:90bdfd8fba74a36a81c52c2fe7abbd79158d1482699bda52af7e2caf0803b3fc_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:0c0638f9f612b93671e798881cdc1205741db4fa08086afa0e3cf57710975586_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:9869d3e2b2d08232aab2f3af99467758b4b95e7d4f72fed9ac6bdd29eb7da81d_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-rhel8-operator@sha256:acf7dabe654ffee7d6e944f810e6ab19d62ae21e5a96499d1b3898cc56d5da91_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:63817765b309bccdaf47a4ed3ee0cd3c00f831e11605616da0e177e4090b1604_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:7744d2530bc26d872030805b583141f2aae75d9b119efa344e025c78a4e8b3c1_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:788627d59ebeaa64b341f704f8f493a0420c0c681b15ffcd419adf993033dd6c_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:70e7614d3325f6585924b90560f4683bbe35399269509e56aa4f3e9eedf14797_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:938280e962b71270c35ad82962ad0c6559c6f6a04b21b4374e193f48bf2ff021_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:e8643e1dcf18e4ecda5cf917d5de840e466e19a300aa4c3a2d766d5252bb76b4_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9048d490f3da588e6c674c5e4e3f164aaee6729ba6cd11ef9427719593bb0b93_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b2f0e4561b9f960675b812fd0721d890e8feb55dbbc9eff7a1fc8cd90c27fd03_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:e5b08b8d62f8912ca0d8650bf15cf0c4e9e648299d3d443d39c14c46bc1282a4_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:9d7f729111a93515a15ddad0f4bc69e857d25af89025847551436639e54c011f_amd64",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:df6a5a8e9a7a0f412178ef9afd9d0788fde0023e21beb134dc2b5675a9b11a35_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2e144a772bcf40fc2cc18615a618e534f37af5da46052a94b06ab247f4dc620_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:34b1ddac79932bef05caafa82ff9862b2b9720b07a82e43ba115281e6e837a63_ppc64le",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:692b9eafa5bbcea2033197c0537dfbbf21bbcd2a75f3b311912193405ba4671d_s390x",
"8Base-RHACS-4.3:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c5335e389d459d6de8db7fb1fae9aff32ab1efe754751d6a1bd5d81589c146db_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dexidp: gaining access to applications accepting that token"
}
]
}
gsd-2022-39222
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-39222",
"description": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.",
"id": "GSD-2022-39222"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-39222"
],
"details": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.",
"id": "GSD-2022-39222",
"modified": "2023-12-13T01:19:20.528811Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39222",
"STATE": "PUBLIC",
"TITLE": "OAuth authorization code exposure in Dex"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dex",
"version": {
"version_data": [
{
"version_value": "\u003c 2.35.0"
}
]
}
}
]
},
"vendor_name": "dexidp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw",
"refsource": "CONFIRM",
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
},
{
"name": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634",
"refsource": "MISC",
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
}
]
},
"source": {
"advisory": "GHSA-vh7g-p26c-j2cw",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv2.35.0",
"affected_versions": "All versions before 2.35.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-862",
"CWE-937"
],
"date": "2023-07-11",
"description": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.",
"fixed_versions": [
"v2.35.0"
],
"identifier": "CVE-2022-39222",
"identifiers": [
"CVE-2022-39222",
"GHSA-vh7g-p26c-j2cw",
"GMS-2022-4755"
],
"not_impacted": "",
"package_slug": "go/github.com/dexidp/dex",
"pubdate": "2022-10-06",
"solution": "Upgrade to version 2.35.0 or above.",
"title": "Insufficiently Protected Credentials",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-39222",
"https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw",
"https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634",
"https://github.com/dexidp/dex/releases/tag/v2.35.0",
"https://github.com/advisories/GHSA-vh7g-p26c-j2cw"
],
"uuid": "670f9d87-2438-4197-9016-9e82417d8a01",
"versions": [
{
"commit": {
"sha": "488db3253cbb5918fa3d134035beb422c74f1a6e",
"tags": [
"v2.35.0"
],
"timestamp": "20221003101923"
},
"number": "v2.35.0"
}
]
},
{
"affected_range": "\u003c0",
"affected_versions": "All versions up to 2.34.0",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-10-03",
"description": "Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Patches: Update to 2.35.0. Workarounds: No known workarounds (without impacting behavior) for existing versions. Disabling public clients is the only way to defend against attacks exploiting this vulnerability.",
"fixed_versions": [
"v2.35.0"
],
"identifier": "GMS-2022-4755",
"identifiers": [
"GHSA-vh7g-p26c-j2cw",
"GMS-2022-4755",
"CVE-2022-39222"
],
"not_impacted": "All versions after 2.34.0",
"package_slug": "go/github.com/dexidp/dex",
"pubdate": "2022-10-03",
"solution": "Upgrade to version 2.35.0 or above.",
"title": "Duplicate of ./go/github.com/dexidp/dex/CVE-2022-39222.yml",
"urls": [
"https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw",
"https://github.com/dexidp/dex/releases/tag/v2.35.0",
"https://github.com/advisories/GHSA-vh7g-p26c-j2cw"
],
"uuid": "7f814fb6-c8cb-4ad8-a583-0b10b35750ef",
"versions": [
{
"commit": {
"sha": "7b589ba3a7b169052a48e70a123ae9c9b48398c6",
"tags": [
"v2.34.0"
],
"timestamp": "20220914113842"
},
"number": "v2.34.0"
},
{
"commit": {
"sha": "488db3253cbb5918fa3d134035beb422c74f1a6e",
"tags": [
"v2.35.0"
],
"timestamp": "20221003101923"
},
"number": "v2.35.0"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:linuxfoundation:dex:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.35.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39222"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
},
{
"name": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-11T21:02Z",
"publishedDate": "2022-10-06T18:16Z"
}
}
}
ghsa-vh7g-p26c-j2cw
Vulnerability from github
Published
2022-10-03 19:12
Modified
2023-07-12 14:01
Severity ?
VLAI Severity ?
Summary
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Details
Impact
Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability.
An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token.
Steps to reproduce
1) A victim navigates to a malicious website
2) The webserver initiates a connection with a Dex instance directly - https://dexexample.com/auth/https:%252F%252Faccounts.google.com?access_type=online&client_id=example&nonce=2AaJAimQU9CbeOFsNra1d7CJTWB&redirect_uri=http%3A%2F%2Flocalhost%3A40393%2Fauth%2Fcallback&response_type=code&scope=openid+email&state=2AaJAjhpUmsB25csCo5muvorMTl. In this example, the Dex instance is hosted on dexexample.com, and the connector is accounts.google.com.
3) Dex returns a 302 Redirect to the connector IDP, https://accounts.google.com/o/oauth2/v2/auth?client_id=237800849078-hri2ndt7gdafpf34kq8crd5sik9pe3so.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fdexexample.com%2Fauth%2Fcallback&response_type=code&scope=openid+email&state=g3dkmpontsr3ugocoddjx72ef. The attacker records the state parameter value g3dkmpontsr3ugocoddjx72ef which will be used as the request ID later on.
4) The malicious website redirects the victim’s browser to the connector IDP.
5) The user authenticates to the connector IDP. If they have authenticated before, they may not be presented with an authentication challenge. The user will silently be taken through the following steps:
Authentication with the connector IDP, which redirects the browser to the Dex callback with a code - https://dexexample.com/callback?state=g3dkmpontsr3ugocoddjx72ef&code=4%2F0AX4XfWizg1PQEQNl18hmP0_YQ3iUYII2ed13n9ikKr_ZcV7uCZpZaPcIlxBzX5QwFIcs-w&scope=email+openid+https%3A%2F%[2Fwww.googleapis.com](http://2fwww.googleapis.com/)%2Fauth%2Fuserinfo.email&authuser=0&hd=[google.com](http://google.com/)&prompt=none
Dex handles the callback, fetching the user claims from the connector IDP, persisting them and generating an OAuth code. Then Dex redirects the browser to the approval endpoint https://dexexample.com/approval?req=g3dkmpontsr3ugocoddjx72ef. Note that the req parameter is the same as the attacker's recorded state parameter.
Dex uses the request ID to look up the OAuth code, and builds a redirect to the original callback with the code - http://localhost:40393/auth/callback?code=bz5p3oov2wlh5k3rboa4atxas&state=2AaJAjhpUmsB25csCo5muvorMTl.
In step 2., when the webserver initiates the connection to Dex and receives the redirect to the connector IDP, the webserver will persist the connector state parameter (g3dkmpontsr3ugocoddjx72ef), which is used as the request ID to later look up the OAuth code. As the user goes through the authentication flow with the connector IDP, the webserver will repeatedly request /approval?req=<state>. Once the user has successfully authenticated, if the webserver is able to call /approval before the victim’s browser calls /approval, then an attacker can fetch the Dex OAuth code which can be exchanged for an ID token using the /token endpoint.
Note that PKCE does not defend against this attack since the webserver initiates the request to Dex with a known code challenge.
Fix
The request has been made unpredictable with message authentication. This was accomplished by creating an HMAC using a randomly generated per-request secret. This secret is persisted between the initial login request and the approval request. Since the HMAC is derived using a secret key, its value cannot be known to an attacker, so they will be unable to poll /approval for the code.
Patches
Update to 2.35.0.
Workarounds
No known workarounds (without impacting behavior) for existing versions.
Disabling public clients is the only way to defend against attacks exploiting this vulnerability.
References
For more information
If you have any questions or comments about this advisory: * Start a new discussion * Email us at cncf-dex-maintainers@lists.cncf.io
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.34.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/dexidp/dex"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.35.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39222"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-03T19:12:03Z",
"nvd_published_at": "2022-10-06T18:16:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nDex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability.\n\nAn attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token.\n\n### Steps to reproduce\n\n1) A victim navigates to a malicious website\n\n2) The webserver initiates a connection with a Dex instance directly - https://dexexample.com/auth/https:%252F%252Faccounts.google.com?access_type=online\u0026client_id=example\u0026nonce=2AaJAimQU9CbeOFsNra1d7CJTWB\u0026redirect_uri=http%3A%2F%2Flocalhost%3A40393%2Fauth%2Fcallback\u0026response_type=code\u0026scope=openid+email\u0026state=2AaJAjhpUmsB25csCo5muvorMTl. In this example, the Dex instance is hosted on `dexexample.com`, and the connector is `accounts.google.com`.\n\n3) Dex returns a 302 Redirect to the connector IDP, https://accounts.google.com/o/oauth2/v2/auth?client_id=237800849078-hri2ndt7gdafpf34kq8crd5sik9pe3so.apps.googleusercontent.com\u0026redirect_uri=https%3A%2F%2Fdexexample.com%2Fauth%2Fcallback\u0026response_type=code\u0026scope=openid+email\u0026state=g3dkmpontsr3ugocoddjx72ef. The attacker records the state parameter value g3dkmpontsr3ugocoddjx72ef which will be used as the request ID later on.\n\n4) The malicious website redirects the victim\u2019s browser to the connector IDP.\n\n5) The user authenticates to the connector IDP. If they have authenticated before, they may not be presented with an authentication challenge. The user will silently be taken through the following steps:\n\n Authentication with the connector IDP, which redirects the browser to the Dex callback with a code - https://dexexample.com/callback?state=g3dkmpontsr3ugocoddjx72ef\u0026code=4%2F0AX4XfWizg1PQEQNl18hmP0_YQ3iUYII2ed13n9ikKr_ZcV7uCZpZaPcIlxBzX5QwFIcs-w\u0026scope=email+openid+https%3A%2F%[2Fwww.googleapis.com](http://2fwww.googleapis.com/)%2Fauth%2Fuserinfo.email\u0026authuser=0\u0026hd=[google.com](http://google.com/)\u0026prompt=none\n\n Dex handles the callback, fetching the user claims from the connector IDP, persisting them and generating an OAuth code. Then Dex redirects the browser to the approval endpoint https://dexexample.com/approval?req=g3dkmpontsr3ugocoddjx72ef. Note that the req parameter is the same as the attacker\u0027s recorded state parameter.\n\n Dex uses the request ID to look up the OAuth code, and builds a redirect to the original callback with the code - http://localhost:40393/auth/callback?code=bz5p3oov2wlh5k3rboa4atxas\u0026state=2AaJAjhpUmsB25csCo5muvorMTl.\n\n\nIn step 2., when the webserver initiates the connection to Dex and receives the redirect to the connector IDP, the webserver will persist the connector state parameter (`g3dkmpontsr3ugocoddjx72ef`), which is used as the request ID to later look up the OAuth code. As the user goes through the authentication flow with the connector IDP, the webserver will repeatedly request `/approval?req=\u003cstate\u003e`. Once the user has successfully authenticated, if the webserver is able to call /approval before the victim\u2019s browser calls `/approval`, then an attacker can fetch the Dex OAuth code which can be exchanged for an ID token using the `/token` endpoint.\n\nNote that PKCE does not defend against this attack since the webserver initiates the request to Dex with a known code challenge.\n\n### Fix\n\nThe request has been made unpredictable with message authentication. This was accomplished by creating an [HMAC](https://en.wikipedia.org/wiki/HMAC) using a randomly generated per-request secret. This secret is persisted between the initial login request and the approval request. Since the HMAC is derived using a secret key, its value cannot be known to an attacker, so they will be unable to poll `/approval` for the code.\n\n### Patches\nUpdate to 2.35.0.\n\n### Workarounds\nNo known workarounds (without impacting behavior) for existing versions.\n\nDisabling public clients is the only way to defend against attacks exploiting this vulnerability.\n\n### References\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Start a new [discussion](https://github.com/dexidp/dex/discussions/new?category=q-a)\n* Email us at [cncf-dex-maintainers@lists.cncf.io](mailto:cncf-dex-maintainers@lists.cncf.io)\n",
"id": "GHSA-vh7g-p26c-j2cw",
"modified": "2023-07-12T14:01:57Z",
"published": "2022-10-03T19:12:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39222"
},
{
"type": "WEB",
"url": "https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634"
},
{
"type": "PACKAGE",
"url": "https://github.com/dexidp/dex"
},
{
"type": "WEB",
"url": "https://github.com/dexidp/dex/releases/tag/v2.35.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…