CVE-2022-1183
Severity
7.5HIGH
EPSS
0.4%
top 39.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedMay 19
Latest updateOct 19
Description
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
🔴Vulnerability Details
6GHSA▶
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin↗2022-10-19
GHSA▶
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin↗2022-10-19
GHSA▶
GHSA-wgcp-6p65-qv57: On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure↗2022-05-20
OSV▶
CVE-2022-1183: On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure↗2022-05-19
📋Vendor Advisories
6Red Hat▶
jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin↗2022-10-19
Red Hat▶
jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin↗2022-10-19
Red Hat▶
jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin↗2022-10-19