ID

VAR-202202-0160


CVE

CVE-2022-24450


TITLE

NATS nats-server  Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004871

DESCRIPTION

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. NATS nats-server Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes Advisory ID: RHSA-2022:0735-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:0735 Issue date: 2022-03-03 CVE Names: CVE-2021-3521 CVE-2021-3712 CVE-2021-3807 CVE-2021-3872 CVE-2021-3918 CVE-2021-3984 CVE-2021-4019 CVE-2021-4034 CVE-2021-4122 CVE-2021-4155 CVE-2021-4192 CVE-2021-4193 CVE-2021-22963 CVE-2021-41089 CVE-2021-41091 CVE-2021-42574 CVE-2021-43565 CVE-2021-43816 CVE-2021-43858 CVE-2022-0185 CVE-2022-0235 CVE-2022-24407 CVE-2022-24450 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816) * minio-go: user privilege escalation in AddUser() admin API (CVE-2021-43858) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * fastify-static: open redirect via an URL with double slash followed by a domain (CVE-2021-22963) * moby: `docker cp` allows unexpected chmod of host file (CVE-2021-41089) * moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal (CVE-2021-41091) * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * node-fetch: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0235) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) Bug fixes: * Trying to create a new cluster on vSphere and no feedback, stuck in "creating" (Bugzilla #1937078) * The hyperlink of *ks cluster node cannot be opened when I want to check the node (Bugzilla #2028100) * Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196) * RHACM cannot deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) (Bugzilla #2028931) * RHACM 2.4.2 images (Bugzilla #2029506) * Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 (Bugzilla #2030005) * Namespace left orphaned after destroying the cluster (Bugzilla #2030379) * The results filtered through the filter contain some data that should not be present in cluster page (Bugzilla #2034198) * Git over ssh doesn't use custom port set in url (Bugzilla #2036057) * The value of name label changed from clusterclaim name to cluster name (Bugzilla #2042223) * ACM configuration policies do not handle Limitrange or Quotas values (Bugzilla #2042545) * Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 (Bugzilla #2050847) * The azure government regions were not list in the region drop down list when creating the cluster (Bugzilla #2051797) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 2001668 - [DDF] normally, in the OCP web console, one sees a yaml of the secret, where at the bottom, the following is shown: 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2008592 - CVE-2021-41089 moby: `docker cp` allows unexpected chmod of host file 2012909 - [DDF] We feel it would be beneficial to add a sub-section here referencing the reconcile options available to users when 2015152 - CVE-2021-22963 fastify-static: open redirect via an URL with double slash followed by a domain 2023448 - CVE-2021-41091 moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2028100 - The hyperlink of *ks cluster node can not be opened when I want to check the node 2028196 - Unable to make SSH connection to a Bitbucket server 2028931 - RHACM can not deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) 2029506 - RHACM 2.4.2 images 2030005 - Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 2030379 - Namespace left orphaned after destroying the cluster 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032957 - Missing AWX templates in ACM 2034198 - The results filtered through the filter contain some data that should not be present in cluster page 2036057 - git over ssh doesn't use custom port set in url 2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API 2039378 - Deploying CRD via Application does not update status in ACM console 2041015 - The base domain did not updated when switch the provider credentials during create the cluster/cluster pool 2042545 - ACM configuration policies do not handle Limitrange or Quotas values 2043519 - "apps.open-cluster-management.io/git-branch" annotation should be mandatory 2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050847 - Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 2051797 - the azure government regions were not list in the region drop down list when create the cluster 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 5. References: https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3918 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4034 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-4155 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/cve/CVE-2021-22963 https://access.redhat.com/security/cve/CVE-2021-41089 https://access.redhat.com/security/cve/CVE-2021-41091 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2021-43816 https://access.redhat.com/security/cve/CVE-2021-43858 https://access.redhat.com/security/cve/CVE-2022-0185 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24450 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYiE9otzjgjWX9erEAQi0Ew/9EGNefP8TLEdc6Vq3zNtj01fnV0K4Crgi sgKVOx1PYO+xFfdJKXwN/dg4kCMZ5kXPzf+6BNudmEIjDxvl7/khvWnXfgXXX5Ml 7/7vAzSkHETk63ZS8WJuXKXrfs56jEnNVpi86DgsjYcPocXmKk93OST0UlBV+Qec QjepL6X/khbKb3nCFBgSmejW2XWmqUNZ/XFOmrUtxxMyJ1PJTKmmpSIwWNy0uz9M vIECOhYPR9cOzF8NNQ5rby4/s7NyHnxLTWJcoUCNjCpJc7o7AswbQHjceLU3gX+b wkqNt7t7cEiBMvOdhRKWOyjVZ7hI8CbplRdJga52NsqhZtVMGXatK06DtTlPp4E4 RUo+gO2ipbld2KlFydBF/Rohm4xls9yzYt6uGaxH+HW75hLJLNyDPYitZptvuWAT BJFVTguNuLw9M8dk7vnbGCHZGJSz0GAKW53kx7SGe4DFcFpUtfUPua1ZLdAyuz9y ajYfbvvr4G34hxl6H/ovFzd5ydrSZpOtP43jWSBiySYRe5oOCWupp5vt3TwJOWsT ac6t4q350GEcUNRin99AGVv7Ch1Herrs+oVl4wd4jmtpHe35q2sOW4HlFhEOfsqa Gy4qDhuSxvfie0ONHVAQylj7XsRdLfClRhWCT0YmZyXcZlbELom99aDapDO8Hioa eqF6R05B/GE= =IaEk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1937078 - Trying to create a new cluster on vSphere and no feedback, stuck in "creating" 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2051752 - Wrong message is displayed when GRC fails to connect to an ansible tower 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2052702 - multicluster_operators_hub_subscription issues due to /tmp usage 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements 2054954 - Create Cluster, Worker Pool 2 zones do not load options that relate to the selected Region field 2059822 - Changing the multiclusterhub name other than the default name keeps the version in the web console loading. Bugs fixed (https://bugzilla.redhat.com/): 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2087686 - Can't install submariner add-ons from UI on unsupported cloud provider 2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub 2090802 - RHACM 2.5.1 images 2095333 - Broken link to Submariner manual install instructions 2096389 - `The backend service is unavailable` when accessing ACM 2.5 Overview page 2101453 - 64 character length causing clusters to unsubscribe 5. (BZ# 2033339) * Restore/backup shows up as Validation failed but the restore backup status in ACM shows success (BZ# 2034279) * Observability - OCP 311 node role are not displayed completely (BZ# 2038650) * Documented uninstall procedure leaves many leftovers (BZ# 2041921) * infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5 (BZ# 2046554) * Acm failed to install due to some missing CRDs in operator (BZ# 2047463) * Navigation icons no longer showing in ACM 2.5 (BZ# 2051298) * ACM home page now includes /home/ in url (BZ# 2051299) * proxy heading in Add Credential should be capitalized (BZ# 2051349) * ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0 (BZ# 2051983) * Create Policy button does not work and user cannot use console to create policy (BZ# 2053264) * No cluster information was displayed after a policyset was created (BZ# 2053366) * Dynamic plugin update does not take effect in Firefox (BZ# 2053516) * Replicated policy should not be available when creating a Policy Set (BZ# 2054431) * Placement section in Policy Set wizard does not reset when users click "Back" to re-configured placement (BZ# 2054433) 3. Bugs fixed (https://bugzilla.redhat.com/): 2014557 - RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2028224 - RHACM 2.5.0 images 2028348 - [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?) 2028647 - Clusters are in 'Degraded' status with upgrade env due to obs-controller not working properly 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2033339 - create cluster pool -> choose infra type , As a result infra providers disappear from UI. 2073179 - Policy controller was unable to retrieve violation status in for an OCP 3.11 managed cluster on ARM hub 2073330 - Observabilityy - memory usage data are not collected even collect rule is fired on SNO 2073355 - Get blank page when click policy with unknown status in Governance -> Overview page 2073508 - Thread responsible to get insights data from *ks clusters is broken 2073557 - appsubstatus is not deleted for Helm applications when changing between 2 managed clusters 2073726 - Placement of First Subscription gets overlapped by the Cluster Node in Application Topology 2073739 - Console/App LC - Error message saying resource conflict only shows up in standalone ACM but not in Dynamic plugin 2073740 - Console/App LC- Apps are deployed even though deployment do not proceed because of "resource conflict" error 2074178 - Editing Helm Argo Applications does not Prune Old Resources 2074626 - Policy placement failure during ZTP SNO scale test 2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store 2074803 - The import cluster YAML editor shows the klusterletaddonconfig was required on MCE portal 2074937 - UI allows creating cluster even when there are no ClusterImageSets 2075416 - infraEnv failed to create image after restore 2075440 - The policyreport CR is created for spoke clusters until restarted the insights-client pod 2075739 - The lookup function won't check the referred resource whether exist when using template policies 2076421 - Can't select existing placement for policy or policyset when editing policy or policyset 2076494 - No policyreport CR for spoke clusters generated in the disconnected env 2076502 - The policyset card doesn't show the cluster status(violation/without violation) again after deleted one policy 2077144 - GRC Ansible automation wizard does not display error of missing dependent Ansible Automation Platform operator 2077149 - App UI shows no clusters cluster column of App Table when Discovery Applications is deployed to a managed cluster 2077291 - Prometheus doesn't display acm_managed_cluster_info after upgrade from 2.4 to 2.5 2077304 - Create Cluster button is disabled only if other clusters exist 2077526 - ACM UI is very very slow after upgrade from 2.4 to 2.5 2077562 - Console/App LC- Helm and Object bucket applications are not showing as deployed in the UI 2077751 - Can't create a template policy from UI when the object's name is referring Golang text template syntax in this policy 2077783 - Still show violation for clusterserviceversions after enforced "Detect Image vulnerabilities " policy template and the operator is installed 2077951 - Misleading message indicated that a placement of a policy became one managed only by policy set 2078164 - Failed to edit a policy without placement 2078167 - Placement binding and rule names are not created in yaml when editing a policy previously created with no placement 2078373 - Disable the hyperlink of *ks node in standalone MCE environment since the search component was not exists 2078617 - Azure public credential details get pre-populated with base domain name in UI 2078952 - View pod logs in search details returns error 2078973 - Crashed pod is marked with success in Topology 2079013 - Changing existing placement rules does not change YAML file 2079015 - Uninstall pod crashed when destroying Azure Gov cluster in ACM 2079421 - Hyphen(s) is deleted unexpectedly in UI when yaml is turned on 2079494 - Hitting Enter in yaml editor caused unexpected keys "key00x:" to be created 2079533 - Clusters with no default clusterset do not get assigned default cluster when upgrading from ACM 2.4 to 2.5 2079585 - When an Ansible Secret is propagated to an Ansible Application namespace, the propagated secret is shown in the Credentials page 2079611 - Edit appset placement in UI with a different existing placement causes the current associated placement being deleted 2079615 - Edit appset placement in UI with a new placement throws error upon submitting 2079658 - Cluster Count is Incorrect in Application UI 2079909 - Wrong message is displayed when GRC fails to connect to an ansible tower 2080172 - Still create policy automation successfully when the PolicyAutomation name exceed 63 characters 2080215 - Get a blank page after go to policies page in upgraded env when using an user with namespace-role-binding of default view role 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2080503 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2080567 - Number of cluster in violation in the table does not match other cluster numbers on the policy set details page 2080712 - Select an existing placement configuration does not work 2080776 - Unrecognized characters are displayed on policy and policy set yaml editors 2081792 - When deploying an application to a clusterpool claimed cluster after upgrade, the application does not get deployed to the cluster 2081810 - Type '-' character in Name field caused previously typed character backspaced in in the name field of policy wizard 2081829 - Application deployed on local cluster's topology is crashing after upgrade 2081938 - The deleted policy still be shown on the policyset review page when edit this policy set 2082226 - Object Storage Topology includes residue of resources after Upgrade 2082409 - Policy set details panel remains even after the policy set has been deleted 2082449 - The hypershift-addon-agent deployment did not have imagePullSecrets 2083038 - Warning still refers to the `klusterlet-addon-appmgr` pod rather than the `application-manager` pod 2083160 - When editing a helm app with failing resources to another, the appsubstatus and the managedclusterview do not get updated 2083434 - The provider-credential-controller did not support the RHV credentials type 2083854 - When deploying an application with ansiblejobs multiple times with different namespaces, the topology shows all the ansiblejobs rather than just the one within the namespace 2083870 - When editing an existing application and refreshing the `Select an existing placement configuration`, multiple occurrences of the placementrule gets displayed 2084034 - The status message looks messy in the policy set card, suggest one kind status one a row 2084158 - Support provisioning bm cluster where no provisioning network provided 2084622 - Local Helm application shows cluster resources as `Not Deployed` in Topology [Upgrade] 2085083 - Policies fail to copy to cluster namespace after ACM upgrade 2085237 - Resources referenced by a channel are not annotated with backup label 2085273 - Error querying for ansible job in app topology 2085281 - Template name error is reported but the template name was found in a different replicated policy 2086389 - The policy violations for hibernated cluster still be displayed on the policy set details page 2087515 - Validation thrown out in configuration for disconnect install while creating bm credential 2088158 - Object Storage Application deployed to all clusters is showing unemployed in topology [Upgrade] 2088511 - Some cluster resources are not showing labels that are defined in the YAML 5

Trust: 2.25

sources: NVD: CVE-2022-24450 // JVNDB: JVNDB-2022-004871 // VULMON: CVE-2022-24450 // PACKETSTORM: 166812 // PACKETSTORM: 166199 // PACKETSTORM: 167602 // PACKETSTORM: 167853 // PACKETSTORM: 166946 // PACKETSTORM: 167459

AFFECTED PRODUCTS

vendor:natsmodel:streaming serverscope:gteversion:0.15.0

Trust: 1.0

vendor:natsmodel:serverscope:gteversion:2.0.0

Trust: 1.0

vendor:natsmodel:streaming serverscope:ltversion:0.24.1

Trust: 1.0

vendor:natsmodel:serverscope:ltversion:2.7.2

Trust: 1.0

vendor:natsmodel:streaming serverscope: - version: -

Trust: 0.8

vendor:natsmodel:serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004871 // NVD: CVE-2022-24450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24450
value: HIGH

Trust: 1.0

NVD: CVE-2022-24450
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-716
value: HIGH

Trust: 0.6

VULMON: CVE-2022-24450
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-24450
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-24450
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-24450
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-24450 // JVNDB: JVNDB-2022-004871 // CNNVD: CNNVD-202202-716 // NVD: CVE-2022-24450

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004871 // NVD: CVE-2022-24450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-716

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202202-716

PATCH

title:Release v2.7.2 NATS Advisoriesurl:https://github.com/nats-io/nats-server/releases/tag/v2.7.2

Trust: 0.8

title:Nats-Server Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=181696

Trust: 0.6

title:Red Hat: CVE-2022-24450url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-24450

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220735 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory

Trust: 0.1

title:frogboturl:https://github.com/jfrog/frogbot

Trust: 0.1

sources: VULMON: CVE-2022-24450 // JVNDB: JVNDB-2022-004871 // CNNVD: CNNVD-202202-716

EXTERNAL IDS

db:NVDid:CVE-2022-24450

Trust: 3.9

db:JVNDBid:JVNDB-2022-004871

Trust: 0.8

db:PACKETSTORMid:166199

Trust: 0.7

db:PACKETSTORMid:167853

Trust: 0.7

db:PACKETSTORMid:166946

Trust: 0.7

db:CS-HELPid:SB2022062928

Trust: 0.6

db:CS-HELPid:SB2022071342

Trust: 0.6

db:AUSCERTid:ESB-2022.0903

Trust: 0.6

db:AUSCERTid:ESB-2022.3123

Trust: 0.6

db:AUSCERTid:ESB-2022.2855

Trust: 0.6

db:CNNVDid:CNNVD-202202-716

Trust: 0.6

db:VULMONid:CVE-2022-24450

Trust: 0.1

db:PACKETSTORMid:166812

Trust: 0.1

db:PACKETSTORMid:167602

Trust: 0.1

db:PACKETSTORMid:167459

Trust: 0.1

sources: VULMON: CVE-2022-24450 // JVNDB: JVNDB-2022-004871 // PACKETSTORM: 166812 // PACKETSTORM: 166199 // PACKETSTORM: 167602 // PACKETSTORM: 167853 // PACKETSTORM: 166946 // PACKETSTORM: 167459 // CNNVD: CNNVD-202202-716 // NVD: CVE-2022-24450

REFERENCES

url:https://github.com/nats-io/nats-server/releases/tag/v2.7.2

Trust: 1.7

url:https://advisories.nats.io/cve/cve-2022-24450.txt

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-24450

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2022-24450

Trust: 1.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2855

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071342

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0903

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062928

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3123

Trust: 0.6

url:https://packetstormsecurity.com/files/166199/red-hat-security-advisory-2022-0735-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166946/red-hat-security-advisory-2022-1681-01.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.5

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-0235

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-0235

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-43565

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-21803

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0536

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41190

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27191

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41190

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0536

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3918

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43816

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3918

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43858

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3752

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4157

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3744

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13974

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-45485

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3773

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4002

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-29154

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43976

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0941

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43389

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3634

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27820

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44733

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21781

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3634

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-19131

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3696

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4037

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29154

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37159

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-4788

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3772

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0404

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3669

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3764

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20322

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43056

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3612

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28733

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41864

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0941

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3612

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-26401

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27820

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3743

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1011

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28736

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13974

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20322

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4083

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-45486

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3697

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0322

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-4788

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-26401

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0286

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0001

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3695

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28735

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3759

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29810

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21781

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0002

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4203

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-19131

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42739

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0404

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://github.com/jfrog/frogbot

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0847

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1476

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4019

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4192

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22963

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3984

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22963

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3984

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41091

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41089

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41089

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41091

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4192

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4019

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25219

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5201

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1621

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1681

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24771

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23555

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4115

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23555

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0613

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3669

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37159

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4083

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3744

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4956

Trust: 0.1

sources: VULMON: CVE-2022-24450 // JVNDB: JVNDB-2022-004871 // PACKETSTORM: 166812 // PACKETSTORM: 166199 // PACKETSTORM: 167602 // PACKETSTORM: 167853 // PACKETSTORM: 166946 // PACKETSTORM: 167459 // CNNVD: CNNVD-202202-716 // NVD: CVE-2022-24450

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 166812 // PACKETSTORM: 166199 // PACKETSTORM: 167602 // PACKETSTORM: 167853 // PACKETSTORM: 166946 // PACKETSTORM: 167459

SOURCES

db:VULMONid:CVE-2022-24450
db:JVNDBid:JVNDB-2022-004871
db:PACKETSTORMid:166812
db:PACKETSTORMid:166199
db:PACKETSTORMid:167602
db:PACKETSTORMid:167853
db:PACKETSTORMid:166946
db:PACKETSTORMid:167459
db:CNNVDid:CNNVD-202202-716
db:NVDid:CVE-2022-24450

LAST UPDATE DATE

2024-08-14T12:46:05.113000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-24450date:2022-02-11T00:00:00
db:JVNDBid:JVNDB-2022-004871date:2023-05-10T03:12:00
db:CNNVDid:CNNVD-202202-716date:2022-07-28T00:00:00
db:NVDid:CVE-2022-24450date:2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-24450date:2022-02-08T00:00:00
db:JVNDBid:JVNDB-2022-004871date:2023-05-10T00:00:00
db:PACKETSTORMid:166812date:2022-04-21T15:12:25
db:PACKETSTORMid:166199date:2022-03-04T16:03:16
db:PACKETSTORMid:167602date:2022-06-28T15:20:26
db:PACKETSTORMid:167853date:2022-07-27T17:32:40
db:PACKETSTORMid:166946date:2022-05-04T05:42:06
db:PACKETSTORMid:167459date:2022-06-09T16:11:52
db:CNNVDid:CNNVD-202202-716date:2022-02-08T00:00:00
db:NVDid:CVE-2022-24450date:2022-02-08T02:15:06.687