Data center: Ashburn, VA

Telegram Chat : MBHH_x86

Email Us:

Mobile Hacker For Hire, hire a hacker, hiring a hacker, hacker with proof

Red Hat Security Advisory 2022-8964-01 ≈ Mobile Hacker For Hire

Table of Contents

Hash: SHA256

Red Hat Security Advisory

Synopsis: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images
Advisory ID: RHSA-2022:8964-01
Product: Red Hat OpenShift Enterprise
Advisory URL:
Issue date: 2022-12-13
CVE Names: CVE-2016-3709 CVE-2022-1304 CVE-2022-3782
CVE-2022-3916 CVE-2022-22624 CVE-2022-22628
CVE-2022-22629 CVE-2022-22662 CVE-2022-26700
CVE-2022-26709 CVE-2022-26710 CVE-2022-26716
CVE-2022-26717 CVE-2022-26719 CVE-2022-27404
CVE-2022-27405 CVE-2022-27406 CVE-2022-30293
CVE-2022-37434 CVE-2022-42898
1. Summary:

Updated rh-sso-7/sso76-openshift-rhel8 container image and
rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based
Middleware Containers.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

The rh-sso-7/sso76-openshift-rhel8 container image and
rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based
Middleware Containers to address the following security issues.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Users of rh-sso-7/sso76-openshift-rhel8 container images and
rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these
updated images, which contain backported patches to correct these security
issues, fix these bugs and add these enhancements. Users of these images
are also encouraged to rebuild all container images that depend on these

You can find images updated by this advisory in Red Hat Container Catalog
(see References).

3. Solution:

The RHEL-8 based Middleware Containers container image provided by this
update can be downloaded from the Red Hat Container Registry at Installation instructions for your platform are
available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image
specifically, or to the latest image generally.

4. Bugs fixed (

2138971 – CVE-2022-3782 keycloak: path traversal via double URL encoding
2141404 – CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

5. JIRA issues fixed (

CIAM-4412 – Build new OCP image for rh-sso-7/sso76-openshift-rhel8
CIAM-4413 – Generate new operator bundle image for this patch

6. References:

7. Contact:

The Red Hat security contact is <>. More contact
details at

Copyright 2022 Red Hat, Inc.
Version: GnuPG v1


RHSA-announce mailing list

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!