Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

SUSE-SU-2024:4329-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2024:4329-1

SUSE-SU-2024:4329-1

CRITICAL9.1

Security update for aws-iam-authenticator

Published Dec 16, 2024

Modified 1 years ago

Fix available

Details

Description of the patch:

This update for aws-iam-authenticator fixes the following issues:

CVE-2022-1996: Fixed CORS bypass (bsc#1200528).

Affected Packages

aws-iam-authenticator

SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP2SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP4

Fixed in:

0.5.3-150000.1.12.1

References

ADVISORY

https://bugzilla.suse.com/1200528

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2024-December/020005.html

ADVISORY

https://www.suse.com/security/cve/CVE-2022-1996/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2024/suse-su-20244329-1/

CVSS Analysis

CVSS v3.1

9.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

NoneA:N

9.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Upstream

CVE-2022-1996

Ecosystems(33)

SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4

Timeline

PublishedDec 16, 2024

ModifiedDec 16, 2024