RHSA-2022:4956HighCVSS 9.8

Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes

Published
June 9, 2022
Last Modified
June 26, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2021-3918 — nodejs-json-schema: Prototype pollution vulnerability CVE-2021-41190 — opencontainers: OCI manifest and index parsing confusion CVE-2021-43565 — golang.org/x/crypto: empty plaintext packet causes panic CVE-2021-43816 — containerd: Unprivileged pod may bind mount any privileged regular file on disk CVE-2021-43858 — minio: user privilege escalation in AddUser() admin API CVE-2022-0235 — node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0778 — openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates CVE-2022-21803 — nconf: Prototype pollution in memory store CVE-2022-23806 — golang: crypto/elliptic: IsOnCurve returns true for invalid field elements CVE-2022-24450 — nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account CVE-2022-24778 — imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path CVE-2022-24785 — Moment.js: Path traversal in moment.locale CVE-2022-27191 — golang: crash in a golang.org/x/crypto/ssh server CVE-2022-29810 — go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses

🔗 References (218)