Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

CVE-2022-22970 and CVE-2022-22971 spring-core vulnerabilities

Labels:
avatar
author-rank loubershad
Contributor

Created ‎10-26-2022 07:51 AM

Our vulnerability scanning found these two vulnerabilities on our CDP Private Cloud 7.1.7-SP1, CVE-2022-22970 and CVE-2022-22971.  There are several versions of spring-core in the parcel, none of which are the recommended version:

./jars/spring-core-4.3.29.RELEASE.jar
./jars/spring-core-5.2.18.RELEASE.jar
./jars/spring-core-5.3.10.jar
./jars/spring-core-5.3.12.jar
./jars/spring-core-5.3.13.jar
./jars/spring-core-5.3.4.jar

Is CDP vulnerable to these vulnerabilities?

 

https://tanzu.vmware.com/security/cve-2022-22970

https://tanzu.vmware.com/security/cve-2022-22971

 

872 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pajoshi author-rank
Rising Star

Created ‎10-26-2022 10:09 AM

Hello @loubershad,

 

Current available GA versions of CDP does not have the fix included for the mentioned CVE (CVE-2022-22970 and CVE-2022-22971)

 

However, it is currently planned and should be available with upcoming release of CDP 

 

Thank you!

View solution in original post

845 Views
0 Kudos
1 REPLY 1

avatar
author-rank pajoshi author-rank
Rising Star

Created ‎10-26-2022 10:09 AM

Hello @loubershad,

 

Current available GA versions of CDP does not have the fix included for the mentioned CVE (CVE-2022-22970 and CVE-2022-22971)

 

However, it is currently planned and should be available with upcoming release of CDP 

 

Thank you!

846 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera Data Services 1.5.4 on Private Cloud Rel...
What's New @ Cloudera
Run your Apache NiFi and Apache Kafka workloads on Kubernete...
What's New @ Cloudera
Cloudera DataFlow now powers GenAI pipelines and supports ch...
Community Announcements
May 2024 Community Highlights
What's New @ Cloudera
Cloudera Operational Database (COD) supports instance group ...
View More Announcements
meetups banner