CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log viewer
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Joe Slater |
Bug Description
Found during March 2022 CVE Scan
CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log viewer
Score:
cve_id | status | cvss2Score | av | ac | au | ai
---|---|---|---|---|---|---
CVE-2022-23307 | fixed | 10 | N | L | N | P
Description:
CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.2.x, where the same issue exists.
References:
• https:/
• https:/
• The 3 CVEs are fixed by CentOS per this announcement: [https:/
Required Package Versions:
log4j-1.
Packages:
log4j
CVE References
Changed in starlingx:
assignee: nobody → Joe Slater (jslater0wind)
tags: added: stx.7.0 stx.security
Changed in starlingx:
importance: Undecided → Medium
Fix proposed to branch: master (review.opendev.org/c/starlingx/tools/+/839248)
Review: https:/