Red Hat Security Advisory 2022-8965-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.1 security update  
Advisory ID:       RHSA-2022:8965-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8965  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-3782 CVE-2022-3916  
====================================================================  
1. Summary:

An update is now available for Red Hat Single Sign-On 7.6 from the Customer  
Portal.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for  
Red Hat Single Sign-On 7.6.1, and includes the following security fixes.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

The References section of this erratum contains a download link (you must  
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

5. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4411 - Build one-off patch

6. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipmtzjgjWX9erEAQhu0A/8CC5j7AvyOc2vPpHVmT0KXrJVF1KGXsbB  
svAHX7hJHpp1aqCZReiC+b2v4TbCnVEt+k4od0XjgGrC5Wxk9gYz/crJ68m6qUIM  
N3z56OHqHZsNL4HZxIhw6dn4N7OisTidkHXGTZK3Y0HuVB+hGWy498OXsF/4kz7l  
SiJGuai0CtcF/g/u9fSYxuQUyQvuFDCDLrOXvaloBzhYgjLj43eoWBxlJ35br2U2  
blsQdohT7t93LyT1g5TxE8Vc4iF/4/Tf6EjrmGK635XSAG5GzfHav0CnS9GU49Ju  
3qA5Vvp9lJgEvq6kD4w0hyCkJ78aDK8ljK6NGZeyRRpXiAYJchvvXVJcKw2D1Fy2  
FgqrEvWQqmiCw/z7Q9POXhOsz1xNwdy2bFjZtdOvrERSv1Ffn2vvQlInxcdq/WR2  
AZ7vFV5AdLgPIwWosRiuOZXWl5smF5EsyyhsMdGzmiyZhhsEW1wAZ+8CUN3HEjxK  
8QoNuLsgmOuDw4ga+NrZj8487m96RO/Tj1yqJ9eGLA2EFSOhJCunxP6atRUBeK1m  
diU0kJ5o3QnrzstmvYvNFJqS29aKAyiG8rOd2Il59BeHYRfd7tUiDAsRE5SQqh0h  
6neuz4eqS19jrSCR4HgHsDRfbUcRQi/Rpuj1F9DM94in5TrQ0fUvuof2/xCZg1Q+  
kb9RAWpgtBs=ov2Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8965-01

Red Hat Security Advisory 2022-8963-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 9  
Advisory ID:       RHSA-2022:8963-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8963  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-3782 CVE-2022-3916  
====================================================================  
1. Summary:

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.6 for RHEL 9 - noarch

3. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a  
replacement for Red Hat Single Sign-On 7.6.1, and includes the security  
fixes listed below.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

6. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4414 - Build RPMs for this patch

7. Package List:

Red Hat Single Sign-On 7.6 for RHEL 9:

Source:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el9sso.src.rpm

noarch:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el9sso.noarch.rpm  
rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el9sso.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/updates/classification/#important

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipndzjgjWX9erEAQhVcxAAnTGHyVcLWPvYT8iwc9H8oDFxvLGgHmzc  
dWM5kJDBs6in9LmpRfuK+e2+ImTB51tJevuhhlWK352/sNaNLUqRDVwh3lC+5j/I  
Wg9OVsLlSDrlaB8XPUP2W7yDa8ZHc4SMb6t4h/h7xKc4ylLAJNM2K/d/wiisAK3n  
154VOxiaQJjfSOk1EPJipg6oe8iT0ytStcWqxstpvVQj8oWEvyghzeZyQbcy/+Ar  
9L7lc43jCkZWq8LVRznX4SwooqJvsARuvw9M54dvaWAkdr4lme07BIAY2AEIk1k3  
fB3to4RtSb2I6H/PsJn2uZ4r0aeigWMTEG4M+8RluAjjglVtBISjwzQ4WAahwL7o  
2Gjoxpoe81WFSLAqwvmNdqQplJSMVajymKweFVQBZih0VGYTCGR/LRCg57Fjh3UZ  
o96jAUIjR7DtXrU0PtuXvDyi4L8dNFRHh4oXzFVGH+0VyT/QSOonEJM2qcDcXFjv  
OD19J3457M+qTrJkqeeuFY5UhyfxzCD5fcDzOlt4YK95ptx+0dV4dlbDq3ECGbw9  
jWX1QGKnXFjsljZLCacT1RoS6wwWnDg8ZTIDZdm1FKyEA9wlqhuJMPgKFpTri7y0  
YYO14rCXVuKkoHBVB+sgpup4w2B47v897DtGw+J51hWBdmYg/miYiEUbod+Z3V8t  
7C6RUvKvSmo=XpnE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8963-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images  
Advisory ID:       RHSA-2022:8964-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8964  
Issue date:        2022-12-13  
CVE Names:         CVE-2016-3709 CVE-2022-1304 CVE-2022-3782  
                   CVE-2022-3916 CVE-2022-22624 CVE-2022-22628  
                   CVE-2022-22629 CVE-2022-22662 CVE-2022-26700  
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716  
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404  
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-30293  
                   CVE-2022-37434 CVE-2022-42898  
====================================================================  
1. Summary:

Updated rh-sso-7/sso76-openshift-rhel8 container image and  
rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based  
Middleware Containers.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The rh-sso-7/sso76-openshift-rhel8 container image and  
rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based  
Middleware Containers to address the following security issues.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Users of rh-sso-7/sso76-openshift-rhel8 container images and  
rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these  
updated images, which contain backported patches to correct these security  
issues, fix these bugs and add these enhancements. Users of these images  
are also encouraged to rebuild all container images that depend on these  
images.

You can find images updated by this advisory in Red Hat Container Catalog  
(see References).

3. Solution:

The RHEL-8 based Middleware Containers container image provided by this  
update can be downloaded from the Red Hat Container Registry at  
registry.access.redhat.com. Installation instructions for your platform are  
available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image  
specifically, or to the latest image generally.

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

5. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8  
CIAM-4413 - Generate new operator bundle image for this patch

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipn9zjgjWX9erEAQjCiRAAi5ZA/JuXoVbFoEvce4VnkiwYj3R9YGSF  
xcRYfIxIULSq4rRxjOKZroVyzZUp4HCYHxiNVjSOfreCVCUOrdSEipedwuJIIqvx  
SbYkdr9H0nww4Sne6rCOJZxVtgGMwMFBCVvQqeqRQAJH6qLpkuHnIda1wt/9HKbV  
6kgg4BeqmYVReLO4f0QEXaBl6xuUWTAh8hr4B2fiKJ19r5On05Ob+rXUnpfzqu2p  
tA204sSB4y5sL6cNxGHXzxDcazRdYyLJj6KkN+3ydLANjFruU5pq9nxZoqKRlT7p  
CDYGoEguuheLNyDkIXjVngHs7mtKCS6da2jqcJC3fh3N/+hhepeGXk642jyF8u1o  
RMr6M8HPNsVL4Vdg9d3CZtzfBkDFXSHKD5O6Mi6SkCTKWrY/K6UG1JQtcIpDOTzd  
PWKE1WkqvpyA3Ie8DRUI0ztEDdRhazPCd+03HYKEVWoD/a+Q5NqgCaBViSuLLxpU  
9FIq9OPwaxE4wzEjfuyOBNY183f6eTbAA7RE4ynfitiQiXMUKAhO3jLkFUgsogkp  
y/N2xyYR/SjIKyRH8zkQXc6+FD5gDX+8exWYnqD+dd8ucmK/D49nwoprXca7X4fH  
1cBIpjuFF1pXQTwnygAh7Nyd40bIjEOB81YjoiroOhoLzfsBfBywLfon14bElgu/  
c6KgATBEAcE=oocq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8962-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 8  
Advisory ID:       RHSA-2022:8962-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8962  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-3782 CVE-2022-3916  
====================================================================  
1. Summary:

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.6 for RHEL 8 - noarch

3. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a  
replacement for Red Hat Single Sign-On 7.6.1, and includes the security  
fixes listed below.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

6. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4414 - Build RPMs for this patch

7. Package List:

Red Hat Single Sign-On 7.6 for RHEL 8:

Source:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el8sso.src.rpm

noarch:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el8sso.noarch.rpm  
rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el8sso.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/updates/classification/#important

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipldzjgjWX9erEAQiTxQ//X1uZTMfjqFKgWwdGQx+411ANW503To42  
itxaBWhSxJmbzOhJB0QKoABPCapl3mwrPC+XfdGL2sorqFFjbXNa6TkaQecfVqt2  
qwTqtEix3WQVmK2PY9e//9sea/vwfwBOfhqxgiML3ZMzrfXHzIgnWNSPE5eYT+n9  
riKkquCR7kInls3lkxgpKEQjsJXyR1FhIGzS4J8tmgHsG46zOF4fYsPI2BVj6VJg  
Y55XjFXoPjZdKWzdHNVBzuRIuoCBEToZHPNzA4D387FsAPSqVwrEQ5S0VUL7bJ/t  
WY03oVmytyvgwUnwzUSy1qgFDpzY68YAtCLdO2sNPqybiFUKAWevhCNK8Dksf7VM  
zUpmIZF5EtKAQZIF1LH+DTtwWJr+Uvy/vnbA+CqwwUcQv6/mKQIBLsIHMaLyB3Bu  
3KSksEllW6XQ+c1JFQ1BmDdkyHhmRYXxxkGqxmtW7cFj4K+rnWqu+o7IRJvbXUJM  
F3ryJcFk/0tYmzHUqCgQZQvJQwF5QCVZdIMZrAAI6ugGE5m2VeSJBgb+aHNIwn9/  
Ji9OdKRuzPJFjmuZy67RaFbF37ILTeQB6uVPz0PLjcjJZAP/NN5CjWbTS/D7Q0J/  
RgIZe5uv4sYOkH0+jd6CYQp7GVXlPvT/uVE3eONol+FgT5lyf6fWZE2vjQQsO/26  
ZyVkdE4wcmoÏoY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8962-01

Jira, Confluence,Trello, and BitBucket affected.

**BENGALURU, December 13, 2022 —** Researchers at CloudSEK observed that for Atlassian products - Jira, Confluence, and BitBucket, cookies are not invalidated, even if the password is changed, with 2FA (Two-factor Authentication) enabled, as the cookie validity is 30 days. They only expire when the user logs out, or after 30 days.

CloudSEK researchers have identified that this flaw can be leveraged by threat actors to take over hundreds of companies’ Jira accounts. Our records show over 1,282,859 compromised computers and 16,201 Jira cookies for sale on dark web marketplaces. And just in the last 30 days, over 2,937 compromised computers and 246 Jira credentials were made available. In the past 90 days, we have observed at least one compromised computer from a Fortune 1000 company. This is just considering their primary domains, not their subsidiaries. (Check the complete blog) 

The new finding came after Dec 06, 2022, when CloudSEK disclosed a cyber attack directed at the company. During the course of the investigation into the root cause of the incident, the internal investigation team identified that the threat actor gained access to a CloudSEK employee’s Jira account, using Jira session cookies present in stealer logs being sold on the dark web.

CloudSEK is releasing a free tool that lets companies check if their compromised computers and Jira accounts are being advertised on dark web marketplaces.

With over 10 million users across 180,000 companies, including 83% of Fortune 500 companies, Atlassian products are widely used across the globe. And threat actors are actively exploiting this flaw to compromise enterprise Jira accounts.

**Stolen Atlassian Cookies Can Lead to Unauthorized Account Access even if 2FA enabled**

CloudSEK’s investigation shows that cookies of Atlassian products remain valid for a period of 30 days, even if the password is changed and 2FA is enabled. Hence, threat actors can restore Jira, Confluence, Trello, or BitBucket sessions, using stolen cookies, even if they don’t have access to Multi-factor Authentication (MFA), OTP/ PIN. The cookies, by default, expire when the user logs out, or after 30 days.(Check the complete blog)

This is a known issue, and most companies do not consider it to be within the scope of security reporting, because to use this and get into systems, tokens are required.

However, it is no longer very difficult for threat actors to get their hands on these tokens. With the rise in device compromise campaigns, breaches, and password leaks, cookie theft has become commonplace. And cookies are available for sale and one can simply search for a company, buy their logs, find relevant tokens to gain access to their internal systems. In the last 30 days, more than 200unique instances of atlassian.net related credentials/ cookies have been put up for sale on darkweb marketplaces. Given that the credentials were put up for sale in the last 30 days, it is highly likely that many of them are still active.

In the case of Atlassian products, only one JSON web token (JWT) is required to hijack a session i.e._cloud.session.token_. Atlassian JWT (JSON Web Token) tokens have the email address embedded in the cookie. Hence, it is easy to determine which user the cookie belongs to.

You can check if your organization’s data is available for sale on dark web marketplaces here.

Security Flaw in Atlassian Products Affecting Multiple Companies

By Waqas
As seen by Hackread.com, a hacker is selling access to the CloudSEK infrastructure on multiple cybercrime forums.
This is a post from HackRead.com Read the original post: Cyber Security Firm CloudSEK Points Finger at Rival Over Breach

An Indian cyber security firm, CloudSEK, became the victim of a **cyber security incident** when an unknown threat actor managed to access its Confluence server.

According to CloudSEK’s blog post on the incident, its founder and CEO Rahul Sasi wrote that the hacker used stolen credentials from one of CloudSEK employees’ Jira accounts. Rahul further stated that the threat actor (s) compromised the employee’s Jira password to access the company’s Confluence pages.

Moreover, the hacker accessed some internal data such as three customer names with their purchase orders, **bug reports**, product dashboard screenshots, and Schema Diagrams obtained from the Confluence wiki.

Image credit: Hackread.com

CloudSEK also confirmed that server or database access wasn’t compromised. An investigation into the incident was quickly launched. Outlining possible suspects, Sasi claimed that another cyber security firm having a reputation for tracking dark web happenings could be responsible.

> “We suspect a notorious Cyber Security company that is into Dark web monitoring behind the attack. The attack and the indicators connect back to an attacker with a notorious history of using similar tactics we have observed in the past.”
> 
> Rahul Sasi

**Hacker’s Claims**

Around the same time when CloudSEK discovered the attack, that is on 6th December, Tuesday, Cyble Research & Intelligence Labs (CRIL) cyber security experts noticed a threat actor using the nick’ sedut’ who claimed to have breached the security of CloudSEK Info Security Pvt Ltd. The actor posted about hacking into the Indian firm on multiple cybercrime forums.

Cyble researchers suspect it was a targeted attack on CloudSEK and that the attacker’s objective was to negatively impact the company’s reputation within the digital threat intelligence fraternity. Revealing the attacker’s claims, Cyble researchers wrote in their **blog post** that the attacker had multiple accesses and was openly offering the data to buyers on these forums.

The data on sale included:

1.  Pre-sales info.
2.  VPN credentials.
3.  Purchase orders.
4.  Company credentials.
5.  Extensive clientele data.
6.  Project-related databases.
7.  Confidential source codes.
8.  Sensitive infrastructure details.
9.  Engineering products-related data.

Moreover, the threat actor claimed to have had access to CloudSEK’s ecosystem for several months. He supported this claim by sharing multiple screenshots and videos confirming they had access to the company’s internal servers.

Image credit: Cyble

As shown in the first screenshot, the hacker also leaked images that contained account usernames and passwords of accounts used for scraping the XSS and Breached hacking forums, and instructions on using different website crawlers, among other data.

The database is for sale for $10,000, and the engineering/employee product files are $8000 each.

**How Did it Occur?**

Sasi revealed that the hacker used the stolen Jira account credentials to access internal documents, training docs, open-source automation scripts, and Confluence pages, as these were attacked to the account.

CloudSEK also confirmed that the Jira user didn’t use a password but only SSO; his email was also protected by **MFA (multi-factor authentication)**. So, the Jira password and the user’s email account weren’t compromised.

Instead, the company believes the threat actor compromised the session cookies of the Jira user, allowing them to take over the account. How the attacker got hold of the session cookies is currently under investigation.

**Google Buys Cyber Security Firm Mandiant for $5.4 Billion**

**Cyber Security giant FireEye hacked by a foreign government**

**US Lists Kaspersky to Firms Posing Threat to National Security**

**Cyber Security Firm Mandiant Denies Being Hacked By LockBit**

**Amnesty Intl. accuses Indian cyber security firm of spyware attacks**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Cyber Security Firm CloudSEK Points Finger at Rival Over Breach

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Openshift Logging 5.3.14 bug fix release and security update  
Advisory ID:       RHSA-2022:8889-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8889  
Issue date:        2022-12-08  
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527   
                   CVE-2020-36516 CVE-2020-36518 CVE-2020-36558   
                   CVE-2021-3640 CVE-2021-30002 CVE-2022-0168   
                   CVE-2022-0561 CVE-2022-0562 CVE-2022-0617   
                   CVE-2022-0854 CVE-2022-0865 CVE-2022-0891   
                   CVE-2022-0908 CVE-2022-0909 CVE-2022-0924   
                   CVE-2022-1016 CVE-2022-1048 CVE-2022-1055   
                   CVE-2022-1184 CVE-2022-1292 CVE-2022-1304   
                   CVE-2022-1355 CVE-2022-1586 CVE-2022-1785   
                   CVE-2022-1852 CVE-2022-1897 CVE-2022-1927   
                   CVE-2022-2068 CVE-2022-2078 CVE-2022-2097   
                   CVE-2022-2509 CVE-2022-2586 CVE-2022-2639   
                   CVE-2022-2938 CVE-2022-3515 CVE-2022-20368   
                   CVE-2022-21499 CVE-2022-21618 CVE-2022-21619   
                   CVE-2022-21624 CVE-2022-21626 CVE-2022-21628   
                   CVE-2022-22624 CVE-2022-22628 CVE-2022-22629   
                   CVE-2022-22662 CVE-2022-22844 CVE-2022-23960   
                   CVE-2022-24448 CVE-2022-25255 CVE-2022-26373   
                   CVE-2022-26700 CVE-2022-26709 CVE-2022-26710   
                   CVE-2022-26716 CVE-2022-26717 CVE-2022-26719   
                   CVE-2022-27404 CVE-2022-27405 CVE-2022-27406   
                   CVE-2022-27950 CVE-2022-28390 CVE-2022-28893   
                   CVE-2022-29581 CVE-2022-30293 CVE-2022-34903   
                   CVE-2022-36946 CVE-2022-37434 CVE-2022-39399   
                   CVE-2022-42003 CVE-2022-42004 CVE-2022-42898   
=====================================================================

1. Summary:

Openshift Logging Bug Fix Release (5.3.14)

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.3.14)

Security Fixe(s):

* jackson-databind: denial of service via a large depth of nested  
objects (CVE-2020-36518)

* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which  
will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.3, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/cve/CVE-2020-36516  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2020-36558  
https://access.redhat.com/security/cve/CVE-2021-3640  
https://access.redhat.com/security/cve/CVE-2021-30002  
https://access.redhat.com/security/cve/CVE-2022-0168  
https://access.redhat.com/security/cve/CVE-2022-0561  
https://access.redhat.com/security/cve/CVE-2022-0562  
https://access.redhat.com/security/cve/CVE-2022-0617  
https://access.redhat.com/security/cve/CVE-2022-0854  
https://access.redhat.com/security/cve/CVE-2022-0865  
https://access.redhat.com/security/cve/CVE-2022-0891  
https://access.redhat.com/security/cve/CVE-2022-0908  
https://access.redhat.com/security/cve/CVE-2022-0909  
https://access.redhat.com/security/cve/CVE-2022-0924  
https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-1048  
https://access.redhat.com/security/cve/CVE-2022-1055  
https://access.redhat.com/security/cve/CVE-2022-1184  
https://access.redhat.com/security/cve/CVE-2022-1292  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-1355  
https://access.redhat.com/security/cve/CVE-2022-1586  
https://access.redhat.com/security/cve/CVE-2022-1785  
https://access.redhat.com/security/cve/CVE-2022-1852  
https://access.redhat.com/security/cve/CVE-2022-1897  
https://access.redhat.com/security/cve/CVE-2022-1927  
https://access.redhat.com/security/cve/CVE-2022-2068  
https://access.redhat.com/security/cve/CVE-2022-2078  
https://access.redhat.com/security/cve/CVE-2022-2097  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-2586  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2938  
https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/cve/CVE-2022-20368  
https://access.redhat.com/security/cve/CVE-2022-21499  
https://access.redhat.com/security/cve/CVE-2022-21618  
https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-22844  
https://access.redhat.com/security/cve/CVE-2022-23960  
https://access.redhat.com/security/cve/CVE-2022-24448  
https://access.redhat.com/security/cve/CVE-2022-25255  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-27950  
https://access.redhat.com/security/cve/CVE-2022-28390  
https://access.redhat.com/security/cve/CVE-2022-28893  
https://access.redhat.com/security/cve/CVE-2022-29581  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-36946  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-39399  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5Jma9zjgjWX9erEAQh83xAAj1mTs7t69xXYjstib3b10ZSQFlaK8ZHu  
U1CEqRryyTwdLZJUBNnXcFV7S+tGPIthAzg3RCn0Tun45Kj/v296A2AF8DoKPRmu  
LZUUi6c5K0vFLTG2zbO0Gxy0rOcxwHmq9QLsQii3AylhXH9BOlJC+VeeaLdJXmd3  
7Zwg2Y2opzSYPph1yc/9yf24ln6thgSmFU7lsY60EiPN9GGPXTFKnTbWDNrfRCvy  
LJTOYISYm8miRC3TsQ/Nt31an3uSE5e6x4aVEXM12TvZTRL4GCcxbBWK3VSScbg8  
T7C98yEWNEwouXMNoQr9MGxPwgmUZ8WsgmzYMWOdKABPk5wcQPqC9pfLtamI+AOM  
TZQUy3TfdTxo79Tkhd5QVOnM0WD/3VWtv/OXTcObhacyifzk3kdr5W8D9PqwMp67  
4OiyX+bZlZAXKkLuD2IAeNsqP6wafFGPw79IGRSd5ggNRFIj9gJECxxHc+tvQR7F  
m6zIWSkjacYUfI8KEI8729qGxwGhqPHHcBS2nAm5pnxXt/3/07BkagQl+5cYW8rS  
3rTwx93v6U6F1e7H3FzpucrVDNHK406j3qhKBKHHDr12IPL8Q47dJuTFK9LxhKD8  
dGEbNbW23wEkGFjh9BKnac10mPx7uBhQBVmfIrpkgBQhUA6lY7+elso2pVt/FLYw  
ouxkTmp3LIQ=  
=PYNA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update  
Advisory ID:       RHSA-2022:8781-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8781  
Issue date:        2022-12-08  
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527   
                   CVE-2020-36516 CVE-2020-36518 CVE-2020-36558   
                   CVE-2021-3640 CVE-2021-30002 CVE-2022-0168   
                   CVE-2022-0561 CVE-2022-0562 CVE-2022-0617   
                   CVE-2022-0854 CVE-2022-0865 CVE-2022-0891   
                   CVE-2022-0908 CVE-2022-0909 CVE-2022-0924   
                   CVE-2022-1016 CVE-2022-1048 CVE-2022-1055   
                   CVE-2022-1184 CVE-2022-1292 CVE-2022-1304   
                   CVE-2022-1355 CVE-2022-1586 CVE-2022-1785   
                   CVE-2022-1852 CVE-2022-1897 CVE-2022-1927   
                   CVE-2022-2068 CVE-2022-2078 CVE-2022-2097   
                   CVE-2022-2509 CVE-2022-2586 CVE-2022-2639   
                   CVE-2022-2879 CVE-2022-2880 CVE-2022-2938   
                   CVE-2022-3515 CVE-2022-20368 CVE-2022-21499   
                   CVE-2022-21618 CVE-2022-21619 CVE-2022-21624   
                   CVE-2022-21626 CVE-2022-21628 CVE-2022-22624   
                   CVE-2022-22628 CVE-2022-22629 CVE-2022-22662   
                   CVE-2022-22844 CVE-2022-23960 CVE-2022-24448   
                   CVE-2022-25255 CVE-2022-26373 CVE-2022-26700   
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716   
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404   
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-27664   
                   CVE-2022-27950 CVE-2022-28390 CVE-2022-28893   
                   CVE-2022-29581 CVE-2022-30293 CVE-2022-32189   
                   CVE-2022-34903 CVE-2022-36946 CVE-2022-37434   
                   CVE-2022-37603 CVE-2022-39399 CVE-2022-41715   
                   CVE-2022-42003 CVE-2022-42004   
=====================================================================

1. Summary:

Logging Subsystem 5.5.5 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.5 - Red Hat OpenShift

Security Fixe(s):

* jackson-databind: denial of service via a large depth of nested  
objects (CVE-2020-36518)

* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)

* golang: archive/tar: unbounded memory consumption when reading headers  
(CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)

* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

* loader-utils: Regular expression denial of service (CVE-2022-37603)

* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

For Red Hat OpenShift Logging 5.5, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY  
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers  
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters  
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster  
LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch  
LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs  
LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated.  
LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types.  
LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value  
LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed  
LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue  
LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console  
LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/cve/CVE-2020-36516  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2020-36558  
https://access.redhat.com/security/cve/CVE-2021-3640  
https://access.redhat.com/security/cve/CVE-2021-30002  
https://access.redhat.com/security/cve/CVE-2022-0168  
https://access.redhat.com/security/cve/CVE-2022-0561  
https://access.redhat.com/security/cve/CVE-2022-0562  
https://access.redhat.com/security/cve/CVE-2022-0617  
https://access.redhat.com/security/cve/CVE-2022-0854  
https://access.redhat.com/security/cve/CVE-2022-0865  
https://access.redhat.com/security/cve/CVE-2022-0891  
https://access.redhat.com/security/cve/CVE-2022-0908  
https://access.redhat.com/security/cve/CVE-2022-0909  
https://access.redhat.com/security/cve/CVE-2022-0924  
https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-1048  
https://access.redhat.com/security/cve/CVE-2022-1055  
https://access.redhat.com/security/cve/CVE-2022-1184  
https://access.redhat.com/security/cve/CVE-2022-1292  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-1355  
https://access.redhat.com/security/cve/CVE-2022-1586  
https://access.redhat.com/security/cve/CVE-2022-1785  
https://access.redhat.com/security/cve/CVE-2022-1852  
https://access.redhat.com/security/cve/CVE-2022-1897  
https://access.redhat.com/security/cve/CVE-2022-1927  
https://access.redhat.com/security/cve/CVE-2022-2068  
https://access.redhat.com/security/cve/CVE-2022-2078  
https://access.redhat.com/security/cve/CVE-2022-2097  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-2586  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-2938  
https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/cve/CVE-2022-20368  
https://access.redhat.com/security/cve/CVE-2022-21499  
https://access.redhat.com/security/cve/CVE-2022-21618  
https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-22844  
https://access.redhat.com/security/cve/CVE-2022-23960  
https://access.redhat.com/security/cve/CVE-2022-24448  
https://access.redhat.com/security/cve/CVE-2022-25255  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-27950  
https://access.redhat.com/security/cve/CVE-2022-28390  
https://access.redhat.com/security/cve/CVE-2022-28893  
https://access.redhat.com/security/cve/CVE-2022-29581  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-36946  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-37603  
https://access.redhat.com/security/cve/CVE-2022-39399  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5G9q9zjgjWX9erEAQgdfBAApTzFp8Tp32Bv5jN1EnhSqzcQ93cUa2Nr  
ot9YGh2Dzqr0lzAP2uf1O61EEYq9mte6X4DckjUDo7BT7u5ZZxMWWSstpNbFUzXl  
4xs393yEZM52DN174XOP5V7GUG0pyNlEqHYMGjdZF6pzIx2zzF300kAjB4Hpg4wK  
kKUDVnIyHlvlNcsvjms4p1rzAsIns4c73W89KVkwMyo1pvPQt6v34BWZg5DNnYAM  
hTzl0JR5XRYW4aZhIMq7FApvh4GeA7n7L0kmnDHFVcx0cnrHrjHZxmRQX0Gai1bc  
r8MvGvbMTqEAZ4VKKrgNVvVzkdrO4dw20JfbskPgTIbFXH6ns5605b31veRhMYmv  
NCSJUbq4BLYVAZEhmLa0QIqru1WVCB1e2eRUhvehLiuVlAkgmIgtKvECZ3kpQHxj  
DvOdnaWC5R9eKtNlX9N1xOtqgOF2w+/M+5ml5RJgq48Wlb41VpypDIKFBUXh+wR9  
ArrG8kao75Hl0t8/YQMouqDvgJLNgfceF+WETYryfDus9OlB4YMxhI88mx7HH9zu  
Hy4rb7RhF1OcH/kWjmMl/YJQpYSFKJDyls3tAx5ZAWGCpwAzoBZoc9BEKUQwVfnW  
f3PFotJeQdxKBsbqKVF5h0gHcfSUP+P0kQhx1GD51kxJkUmq47m3OZKIe1QLwYgm  
T1GSDHkQTcg=  
=y/FA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Low: RHACS 3.73 enhancement and security updateAdvisory ID:       RHSA-2022:8827-01Product:           RHACSAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:8827Issue date:        2022-12-06CVE Names:         CVE-2022-24778 CVE-2022-36056 CVE-2022-42898====================================================================1. Summary:Updated images are now available for Red Hat Advanced Cluster Security(RHACS). The updated image includes new features and bug fixes.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.2. Description:Release of RHACS 3.73 provides these changes:New features:* Red Hat Advanced Cluster Security Cloud Service (ACSCS) is a Red Hatmanaged service that simplifies and accelerates RHACS deployments. ACSCS isavailable as a Field Trial release. For more information about accessingACSCS, contact Red Hat Sales.* Improved Vulnerability Management dashboard for ACSCS users.* PostgreSQL database option is available as Technology Preview feature. Ifyou are interested in participating in the Tech Preview program, contactyour Red Hat account representative.* A new build-time network policy generator as Technology Preview feature,to generate Kubernetes network policies based on Application YAMLmanifests.Notable technical changes:* RHACS uses GraphQL internally to show data in the RHACS portal. However,Red Hat does not support querying RHACS using GraphQL. If you are usingGraphQL, see https://access.redhat.com/articles/6986289 and contact Red HatConsulting.* Sensor no longer uses `anyuid` Security Context Constraint (SCC).Instead, the default SCC for Sensor is now `restricted[-v2]` or`stackrox-sensor`, depending on the settings. In addition, the `runAsUser`and `fsGroup` for the Admission control and Sensor deployments are nolonger hard-coded to `4000` on OpenShift clusters to allow using the`restricted` and `restricted-v2` SCCs. (ROX-9342)* The service account `central`, which the Central deployment uses, nowincludes `get` and `list` access to the pods, events, and namespacesresources in the namespace where you deploy Central.* The CSV export API `/api/vm/export/csv` now requires the `CVE Type`filter as part of the input query parameter. Supported values for `CVEType` are `IMAGE_CVE`, `K8S_CVE`, `ISTIO_CVE`, `NODE_CVE`, and`OPENSHIFT_CVE`.Notice of in-product docs removal:* Beginning in the RHACS 3.74 release, Red Hat will remove the in-productdocs accessible from the help menu. If you are using the in-product docs,you can instead download the required documentation in PDF format from RedHat Customer Portal. (ROX-12839)Bug fixes:* Previously, if you were using StackRox Kubernetes Security Platform -Splunk Technology Add-on, results for the `ocp4-cis-node` compliancestandard was missing from Splunk. This issue is now fixed. The Splunkintegration now includes the `ocp4-cis-node` compliance standard results.(ROX-11937)* Previously, Central would fail on the v1 CronJob deployment check. Thisissue is fixed. (ROX-13500)Security Fix(es):* imgcrypt: Unauthorized access to encryted container image on a sharedsystem due to missing check in CheckAuthorization() code path(CVE-2022-24778)* app-containers/cosign: false positive verification (CVE-2022-36056)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:To take advantage of the new features, bug fixes, and enhancements in RHACS3.73 you are advised to upgrade to RHACS 3.73.0.4. Bugs fixed (https://bugzilla.redhat.com/):2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path2128820 - CVE-2022-36056 app-containers/cosign: false positive verification5. JIRA issues fixed (https://issues.jboss.org/):ROX-13687 - Release RHACS 3.73.06. References:https://access.redhat.com/security/cve/CVE-2022-24778https://access.redhat.com/security/cve/CVE-2022-36056https://access.redhat.com/security/cve/CVE-2022-42898https://access.redhat.com/security/updates/classification/#lowhttps://docs.openshift.com/acs/3.73/release_notes/373-release-notes.html7. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBY4+QLtzjgjWX9erEAQhgOxAAl3J3PEic6f7jSpbFNJVnj4ACQxursTFGCX9qxbMTwCy19vqKx/pummlobOSRhweidwVJMMSIaXW0/ZLJyuyLDhKBjrBhjq67kpuJBilDSDWwZNJLqtU9QFx/VJyHcnACuPf22SFouXW3FZS6a4dlvK2N7va3WiwcyW29PdwRjfe8gft8UIbzLb3T2UokXwNY5s34y8q8y1Lr2KFUqFxM7e/IKl3XrLPag+rPGsw/boYhHU6U9LspaBlZ/0wv4SnYQHPvS/t5kMKiA+yRvUDmpYKo23Hi7SK+Y2c7yKUwqmeuem6ZmdefJkhTfVmTcptik1f/ie9rOHvpFeSZdZ5laEOm4DGixuh3J1qxtcMsUItYO1S8iLbF17z1jkT3V2bEZmLRjKD8L28EhYS6nqX2IfBl8wjhlbbDtv9LGFWbwwec+j1/k1kMz5u3tQThkeO9znJNYC0QiE07h28A77u7oLkC3r1OksfYvIcaQ8f8NC7AkT4kK9LhGU/w99z7y+TNErIlx3/ws3HvaSfjGsDsSVEiRh/AyCflqb5FioiHf5Mt88IoIH2mk3SUlDVyg0r5WUajdN9WQqAogTtUTesUxnUgOjuGLfxY+vVOsfSekZAk+LnlFkMrYfd28IhT9bkEFhW1NbSF5C1wfY82rpuUC1aPvsB3ua+lxqlw1gy7Hpo=If/b-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8827-01

Red Hat Security Advisory 2022-8799-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core security update  
Advisory ID:       RHSA-2022:8799-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8799  
Issue date:        2022-12-06  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for pki-core is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

ppc64le:  
pki-core-debuginfo-10.5.18-24.el7_9.ppc64le.rpm  
pki-tools-10.5.18-24.el7_9.ppc64le.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

ppc64:  
pki-core-debuginfo-10.5.18-24.el7_9.ppc64.rpm  
pki-symkey-10.5.18-24.el7_9.ppc64.rpm  
pki-tools-10.5.18-24.el7_9.ppc64.rpm

ppc64le:  
pki-core-debuginfo-10.5.18-24.el7_9.ppc64le.rpm  
pki-symkey-10.5.18-24.el7_9.ppc64le.rpm

s390x:  
pki-core-debuginfo-10.5.18-24.el7_9.s390x.rpm  
pki-symkey-10.5.18-24.el7_9.s390x.rpm  
pki-tools-10.5.18-24.el7_9.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
pki-core-10.5.18-24.el7_9.src.rpm

noarch:  
pki-base-10.5.18-24.el7_9.noarch.rpm  
pki-base-java-10.5.18-24.el7_9.noarch.rpm  
pki-ca-10.5.18-24.el7_9.noarch.rpm  
pki-kra-10.5.18-24.el7_9.noarch.rpm  
pki-server-10.5.18-24.el7_9.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7_9.x86_64.rpm  
pki-symkey-10.5.18-24.el7_9.x86_64.rpm  
pki-tools-10.5.18-24.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
pki-javadoc-10.5.18-24.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY487xdzjgjWX9erEAQg5oQ//aEHlyg76MCBy/Czm84niXRrvfg+eJzzh  
A3AzrX3LMRWYrJSfv+NFx2eEaZtzwqi0O1Dser5NM6Wper9Qvp2XrtZTjJmPxu03  
LMEYFeMXJXPMEaO+luV+gJe+BfXCGo7yGbnHUZbKYapr1cLiphU+Lt3phx+fZu9P  
3mQdGfCuaCfi+7uzctc9ybYy1bvi/UqbQ0K+f68XrFbp4+wM+QeLFvvqx8eIC2Mk  
aLKZYTePpSCk6YSlSZTVfDIWhX5fz6E+LXD8CqNlcBYNRY3JAhdYthtMPtS7wthk  
ioPQ4mWERDR+W5WTJoH11G6iiORsnziYK8Ea5+DIKDSxPtmdFYaEUwaUpP5izCkQ  
q9LkvwN7jBgdFbam/x77/yLSkBSYBJEs5nOc+xr9FvJnNLZE6deHYzQYhlD/a5Ha  
msiHvkStwKNudFy4AqVn9ytyH74kpUImVMh2/4TIXPAypdmU00rtV8rAkGZo2XON  
M9c6/p72cW9G/GpgTuU5enpafmqkB7EZUS77nX2S+uCWRmL3mC/38rm6THbioMkw  
8/BdLK12waoVzs8tjK/ncuziJujIRaKBAa/nrmqts2CMt4/yytPLYrVhzkUTqHiM  
cZJCCyo1Ra4+mDq/TogwSnMxIY6j6LFbfFkzzUIMtHp30a87Bp0yvy3js8E3+i6C  
5W4lq2gL0Jk=jk91  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#jira