CLSA-2022-1648069165

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1648069165.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2022-1648069165
Upstream
Published
2022-03-23T20:59:25Z
Modified
2026-06-01T00:33:19.143004484Z
Summary
Fix of CVE: CVE-2022-23307, CVE-2021-4104, CVE-2022-23305, CVE-2022-23302
Details
  • CVE-2022-23302: remove JMSSink component entrirely
  • CVE-2022-23305: ensure security of JDBCAppender adding additional check-ups
  • CVE-2022-23307: restrict chainsaw access list to classes from SYSTEMALLOWEDCLASSES group
  • CVE-2021-4104: disable JMSAppender by default and add option to manually enable it
References

Affected packages

TuxCare:CentOS:8.4 / log4j12

Package

Name
log4j12
Purl
pkg:rpm/tuxcare/log4j12?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.17-24.module_el8.4.0+2019+25f04681.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1648069165.json"

TuxCare:CentOS:8.4 / log4j12-javadoc

Package

Name
log4j12-javadoc
Purl
pkg:rpm/tuxcare/log4j12-javadoc?distro=centos-8.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.17-24.module_el8.4.0+2019+25f04681.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1648069165.json"