RHSA-2023:0777 Critical CVSS 9.9

Red Hat Security Advisory: OpenShift Container Platform 4.9.56 security update

Published
February 23, 2023
Last Modified
June 6, 2026

🔗 CVE IDs covered (26)

📋 Description

CVE-2020-7692 — google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution
CVE-2022-2048 — http2-server: Invalid HTTP/2 requests cause DoS
CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections
CVE-2022-30946 — plugin: CSRF vulnerability in Script Security Plugin
CVE-2022-30952 — plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin
CVE-2022-30953 — plugin: CSRF vulnerability in Blue Ocean Plugin
CVE-2022-30954 — plugin: missing permission checks in Blue Ocean Plugin
CVE-2022-34174 — jenkins: Observable timing discrepancy allows determining username validity
CVE-2022-36882 — jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git
CVE-2022-36883 — plugin: Lack of authentication mechanism in Git Plugin webhook
CVE-2022-36884 — plugin: Lack of authentication mechanism in Git Plugin webhook
CVE-2022-36885 — plugin: Non-constant time webhook signature comparison in GitHub Plugin
CVE-2022-43401 — jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
CVE-2022-43402 — jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
CVE-2022-43403 — jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
CVE-2022-43404 — jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
CVE-2022-43405 — jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin
CVE-2022-43406 — jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-43407 — jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin
CVE-2022-43408 — jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin
CVE-2022-43409 — jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin
CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability
CVE-2022-45379 — jenkins-plugin/script-security: Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions
CVE-2022-45380 — jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2022-45381 — jenkins-plugin/pipeline-utility-steps: Arbitrary file read vulnerability in Pipeline Utility Steps Plugin

🔗 References (30)