CVE-2022-42467 The h2 webconsole module is available in prototype mode with the ability to query the database.

and isis.prototyping.h2-console.generate-random-web-admin-password=false . In addition, it is now possible to block access to the h2 webconsole from anywhere on the Internet. By default, all h2 webconsoles are available from anywhere. A new 'isis.prototyping.h2-console.web-allow-access-from-restricted-ips' configuration parameter can be configured to block access from specific sources.

h2 features and benefits

The h2 webconsole is a browser-based interface for administering your h2 cluster. It provides a single point of access for services such as ssh, crm, and the web console. The new webconsole also provides the ability to add or remove listeners from nodes and generate a random admin password. Finally, the new webconsole has been updated with a new configuration parameter called 'isis.prototyping.h2-console.web-allow-access-from-restricted-ips' that allows you to restrict access to only specific sources like IP addresses or networks on TCP port 80 (HTTP).

Bug fixes

This release contains the following bug fixes:
- CVE-2022-42467 and isis.prototyping.h2-console.generate-random-web-admin-password=false

This release also includes a new configuration parameter, 'isis.prototyping.h2-console.web-allow-access-from-restricted-ips'. This flag configures the h2 console to allow access from specific IP's only, which can be useful for testing purposes or when your application needs to be protected from external sources.

What is the h2 webconsole?

The h2 webconsole provides an interface for debugging and configuring the application. It is a web-based UI for managing security, provisioning, and other aspects of the application. The console interfaces with all resource servers on the device.

Configuration of Ispconfiguration

The configuration of this new setting is as follows:

isis.prototyping.h2-console.web-allow-access-from-restricted-ips=true
and isis.prototyping.h2-console.generate-random-web-admin-password=false . In addition, it is now possible to block access to the h2 webconsole from anywhere on the Internet. By default, all h2 webconsoles are available from anywhere. A new 'isis.prototyping.h2-console.web-allow-access-from-restricted-ips' configuration parameter can be configured to block access from specific sources."

h2-1.3.0 Release Notes:

The following changes have been made in the new h2-1.3.0 release:
- Added support for the secure webconsole and isis.prototyping.h2-console.generate-random-web-admin-password=false configuration parameter
- Added a new configuration parameter, 'isis.prototyping.h2-console.web-allow-access-from-restricted-ips', which can be used to restrict access to any webconsole from specific restricted IP addresses
It is now possible to block access to the h2 webconsole from anywhere on the Internet by default (all webconsoles are available from anywhere). A new 'isis.prototyping.h2-console.web-allow-access-from-restricted-ips' configuration parameter can be configured to block access from specific sources, when required

Timeline

Published on: 10/19/2022 08:15:00 UTC
Last modified on: 10/21/2022 16:43:00 UTC

References

• https://lists.apache.org/thread/jbv2ddt00h7ntlbm6vkk4wdmb31pm8q3
• http://www.openwall.com/lists/oss-security/2022/10/19/1
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42467