Vulnerability Details : CVE-2022-4039
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
Products affected by CVE-2022-4039
- cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4039
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~50% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-4039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 | Red Hat, Inc. | |
CWE ids for CVE-2022-4039
- During installation, installed file permissions are set to allow anyone to modify those files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-4039
- https://bugzilla.redhat.com/show_bug.cgi?id=2143416
  2143416 – (CVE-2022-4039) CVE-2022-4039 rhsso-operator: unsecured management interface exposed to adjecent network (Issue Tracking; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:1047
  RHSA-2023:1047 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2022-4039
  CVE-2022-4039 - Red Hat Customer Portal (Vendor Advisory)