CVE-2022-46364 | GHSA-x3x3-qwjq-8gj4 Security Issue on SearchGuard

Our security scanner reports these packages as vulnerable, with Critical severity. These packages are used by Search Guard.
Package: search-guard-7/cxf-*

./elasticsearch/plugins/search-guard-7/cxf-rt-security-3.3.11.jar
./elasticsearch/plugins/search-guard-7/cxf-rt-rs-security-jose-3.3.11.jar
./elasticsearch/plugins/search-guard-7/cxf-rt-rs-json-basic-3.3.11.jar
./elasticsearch/plugins/search-guard-7/cxf-core-3.3.11.jar
./elasticsearch/plugins/search-guard-7/cxf-core-3.3.11.jar

CVE Links:

CVE-2022-46364
NVD - CVE-2022-46364

Affected Versions: up to 3.5.5

Could you please provide the status of these findings, or information about mitigation/remediation?

Thank you!

Search Guard is not affected by this CVE, as it does not use the code parts of CXF which contain the issue. Still, we will release a new version of SG FLX which will contain a new version of CXF within the next few days.
