RHSA-2022:7257: Low: Red Hat Integration Camel-K 1.8.1 security update
A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images. Details are linked in the References section.Security Fix(es): jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169) tika-core: incomplete fix for CVE-2022-30126 (CVE-2022-30973) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:7257?
The severity of RHSA-2022:7257 is classified as low.
What vulnerabilities are addressed in RHSA-2022:7257?
RHSA-2022:7257 addresses vulnerabilities related to Jetty's ConcatServlet and WelcomeFilter that improperly allow access to protected resources.
How do I fix RHSA-2022:7257?
To fix RHSA-2022:7257, you should update to the latest minor version of Red Hat Camel K as indicated in the advisory.
Which Red Hat products are affected by RHSA-2022:7257?
RHSA-2022:7257 affects Red Hat Camel K and its associated base images.
Is there any recommended action for users affected by RHSA-2022:7257?
Users affected by RHSA-2022:7257 are advised to promptly apply the updates to mitigate the identified vulnerabilities.