A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-1902 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2090957 | Issue Tracking Vendor Advisory |
https://github.com/stackrox/stackrox/pull/1803 | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-497 | |
References |
|
02 Feb 2023, 21:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Sep 2022, 20:04
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat
Redhat advanced Cluster Security |
|
CPE | cpe:2.3:a:redhat:advanced_cluster_security:3.68:*:*:*:*:kubernates:*:* cpe:2.3:a:redhat:advanced_cluster_security:3.70:*:*:*:*:kubernates:*:* cpe:2.3:a:redhat:advanced_cluster_security:3.69:*:*:*:*:kubernates:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-668 | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-1902 - Vendor Advisory | |
References | (MISC) https://github.com/stackrox/stackrox/pull/1803 - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2090957 - Issue Tracking, Vendor Advisory |
01 Sep 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-01 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-1902
Mitre link : CVE-2022-1902
CVE.ORG link : CVE-2022-1902
JSON object : View
Products Affected
redhat
- advanced_cluster_security