Bugzilla – Bug 1195255
VUL-0: CVE-2022-23181: tomcat: local privilege escalation vulnerability
Last modified: 2022-12-02 08:13:36 UTC
rh#2047417

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Reference:
https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2047417
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23181
http://www.cvedetails.com/cve/CVE-2022-23181/
https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
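A defender-side triage helper, added here and not part of the bug report or of Tomcat itself: it parses an upstream Tomcat version (including the -Mn milestone form used in the affected ranges above), tests it against the inclusive ranges quoted in the description, and checks a context.xml fragment for the FileStore configuration that the advisory names as the exploitable condition. The context.xml sample is constructed for the example.

```python
"""Triage for CVE-2022-23181: affected upstream version + FileStore configured?"""
import re

# Inclusive affected ranges as stated in the advisory text.
AFFECTED_RANGES = [
    ("10.1.0-M1", "10.1.0-M8"),
    ("10.0.0-M5", "10.0.14"),
    ("9.0.35", "9.0.56"),
    ("8.5.55", "8.5.73"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")

def parse_version(text):
    """Turn '10.0.0-M5' into a sortable tuple; a milestone sorts below the GA release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = (0, int(milestone)) if milestone else (1, 0)   # M1..Mn < final release
    return (int(major), int(minor), int(patch)) + rank

def is_affected_version(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)

# Session persistence via FileStore is the only exploitable configuration named.
_FILESTORE_RE = re.compile(
    r'<Store\b[^>]*className\s*=\s*"org\.apache\.catalina\.session\.FileStore"',
    re.IGNORECASE)

def uses_filestore(context_xml):
    return _FILESTORE_RE.search(context_xml) is not None

def assess(version, context_xml):
    """Return 'exploitable', 'affected-version-only' or 'not-affected'."""
    if not is_affected_version(version):
        return "not-affected"
    return "exploitable" if uses_filestore(context_xml) else "affected-version-only"

# Constructed sample context.xml fragment (not taken from the page).
SAMPLE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

if __name__ == "__main__":
    for ver in ("9.0.36", "9.0.57", "10.0.0-M5", "10.1.0"):
        print(ver, assess(ver, SAMPLE_CONTEXT))
```

Distribution builds such as the tomcat-9.0.36-19.1 packages listed on this page backport the fix without changing the upstream version string, so this check answers only for the upstream version; consult the distribution's advisory for the package release.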
Upstream fix for 9.0.x: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e
Fix for 8.5.x: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530
The following codestreams contain the buggy pattern:
- SUSE:SLE-12-SP2:Update 8.0.53-29.46.1
- SUSE:SLE-12-SP4:Update 9.0.36-3.64.1
- SUSE:SLE-15:Update 9.0.36
- SUSE:SLE-15-SP1:Update 9.0.21-4.5.5
- SUSE:SLE-15-SP2:Update 9.0.36-8.1
- openSUSE:Factory 9.0.43
This is an autogenerated message for OBS integration: This bug (1195255) was mentioned in https://build.opensuse.org/request/show/956682 Factory / tomcat
SUSE-SU-2022:0695-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1195255
CVE References: CVE-2022-23181
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): tomcat-9.0.36-4.70.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): tomcat-9.0.36-4.70.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): tomcat-9.0.36-4.70.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): tomcat-9.0.36-4.70.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): tomcat-9.0.36-4.70.1
SUSE Enterprise Storage 6 (src): tomcat-9.0.36-4.70.1
SUSE CaaS Platform 4.0 (src): tomcat-9.0.36-4.70.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0694-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1195255
CVE References: CVE-2022-23181
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): tomcat-9.0.36-3.90.1
SUSE Linux Enterprise Server 15-LTSS (src): tomcat-9.0.36-3.90.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): tomcat-9.0.36-3.90.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): tomcat-9.0.36-3.90.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0784-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1195255,1196091,1196137
CVE References: CVE-2022-23181
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): javapackages-tools-5.3.1-14.5.1, tomcat-9.0.36-3.84.1
SUSE OpenStack Cloud Crowbar 8 (src): javapackages-tools-5.3.1-14.5.1
SUSE OpenStack Cloud 9 (src): javapackages-tools-5.3.1-14.5.1, tomcat-9.0.36-3.84.1
SUSE OpenStack Cloud 8 (src): javapackages-tools-5.3.1-14.5.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): javapackages-tools-5.3.1-14.5.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): javapackages-tools-5.3.1-14.5.1, tomcat-9.0.36-3.84.1
SUSE Linux Enterprise Server 12-SP5 (src): javapackages-tools-5.3.1-14.5.1, tomcat-9.0.36-3.84.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): javapackages-tools-5.3.1-14.5.1, tomcat-9.0.36-3.84.1
HPE Helion Openstack 8 (src): javapackages-tools-5.3.1-14.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2022:0818-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1195255,1196137
CVE References: CVE-2022-23181
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): tomcat-9.0.36-19.1
openSUSE Leap 15.3 (src): tomcat-9.0.36-19.1
SUSE-SU-2022:0818-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1195255,1196137
CVE References: CVE-2022-23181
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): tomcat-9.0.36-19.1
SUSE Manager Retail Branch Server 4.1 (src): tomcat-9.0.36-19.1
SUSE Manager Proxy 4.1 (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise Module for Web Scripting 15-SP4 (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): tomcat-9.0.36-19.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): tomcat-9.0.36-19.1
SUSE Enterprise Storage 7 (src): tomcat-9.0.36-19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.