HIGH🇬🇧 English

CVE-2022-1902

CVSS 8.8v3.1pub. 2022-09-01upd. 2024-11-21

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Red Hat Advanced Cluster Security

    APP
    Redhat
    3.683.693.70
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2025-5198MEDIUM5.0ten sam produkt

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is inclu...

CVE-2024-0406MEDIUM6.1ten sam produkt

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafte...

CVE-2023-48795MEDIUM5.9ten sam produkt

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...

CVE-2023-4958MEDIUM6.1ten sam produkt

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missin...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)