CVE-2022-4132

State: PUBLISHED · Published: 2023-10-04 · Updated: 2024-09-19 · Assigner: redhat

Description

A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).

CWE

CWE-401 — Missing Release of Memory after Effective Lifetime

Affected

n/a / jss — v=5.5.0 [unaffected]
Red Hat / Red Hat Enterprise Linux 6 —
Red Hat / Red Hat Enterprise Linux 6 —
Red Hat / Red Hat Enterprise Linux 7 —
Red Hat / Red Hat Enterprise Linux 7 —
Red Hat / Red Hat Enterprise Linux 8 —
Red Hat / Red Hat Enterprise Linux 8 —
Red Hat / Red Hat Enterprise Linux 9 —
Red Hat / Red Hat Enterprise Linux 9 —
Red Hat / Red Hat JBoss Web Server 3 —
Red Hat / Red Hat JBoss Web Server 3 —
Red Hat / Red Hat JBoss Web Server 5 —
Fedora / Extra Packages for Enterprise Linux —
Fedora / Fedora —
Fedora / Fedora —
Fedora / Extra Packages for Enterprise Linux —

CVSS

3.1 score=5.9 severity=MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

https://access.redhat.com/security/cve/CVE-2022-4132 vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2147372 issue-tracking, x_refsource_REDHAT

Source

cvelistV5-main/cves/2022/4xxx/CVE-2022-4132.json