CLSA-2022-1648067792

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2022-1648067792.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2022-1648067792
Upstream
Published
2022-03-23T20:36:32Z
Modified
2026-06-01T00:33:20.176019673Z
Summary
Fix of CVE: CVE-2021-4104, CVE-2022-23305, CVE-2022-23302, CVE-2022-23307
Details
  • CVE-2022-23302: remove JMSSink component entrirely
  • CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups
  • CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group
  • CVE-2021-4104: disable JMSAppender by default and add option to manually enable it
References

Affected packages

TuxCare:CentOS:8.5 / log4j12

Package

Name
log4j12
Purl
pkg:rpm/tuxcare/log4j12?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.17-24.module_el8.5.0+2018+25f04681.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2022-1648067792.json"

TuxCare:CentOS:8.5 / log4j12-javadoc

Package

Name
log4j12-javadoc
Purl
pkg:rpm/tuxcare/log4j12-javadoc?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.17-24.module_el8.5.0+2018+25f04681.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2022-1648067792.json"