Description
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=2065505
https://access.redhat.com/errata/RHSA-2022:6813
https://access.redhat.com/security/cve/CVE-2022-1415
Related Vulnerabilities
CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid
CVE-2022-43403 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2020-5397 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2017-2600 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins