Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: RHOSDT 2.6.0 operator/operand containers Security Update

Related Vulnerabilities: CVE-2015-20107   CVE-2021-3918   CVE-2022-0391   CVE-2022-0536   CVE-2022-1292   CVE-2022-1586   CVE-2022-1650   CVE-2022-1785   CVE-2022-1897   CVE-2022-1927   CVE-2022-2068   CVE-2022-2097   CVE-2022-24785   CVE-2022-31129   CVE-2022-32206   CVE-2022-32208   CVE-2022-34903  

Source

Synopsis

Moderate: RHOSDT 2.6.0 operator/operand containers Security Update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat Openshift distributed tracing 2.6.0

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This release of Red Hat OpenShift distributed tracing provides these changes:

Security Fix(es):

  • nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
  • eventsource: Exposure of Sensitive Information (CVE-2022-1650)
  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
  • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift distributed tracing 2 x86_64
  • Red Hat OpenShift distributed tracing for Power, little endian 2 ppc64le
  • Red Hat OpenShift distributed tracing for IBM Z and LinuxONE 2 s390x

Fixes

  • BZ - 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability
  • BZ - 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
  • BZ - 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
  • BZ - 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
  • BZ - 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started