CVE-2022-2238

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-2238
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2022-2238 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2101669 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*
History

07 Nov 2023, 03:46

Type Values Removed Values Added
CWE CWE-400

12 Feb 2023, 22:15

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2022:7276', 'name': 'https://access.redhat.com/errata/RHSA-2022:7276', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2022:6954', 'name': 'https://access.redhat.com/errata/RHSA-2022:6954', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2022:7313', 'name': 'https://access.redhat.com/errata/RHSA-2022:7313', 'tags': [], 'refsource': 'MISC'}
CWE CWE-400
Summary A vulnerability was found in the search-api container when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

02 Feb 2023, 21:22

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2022:7276 -
  • (MISC) https://access.redhat.com/errata/RHSA-2022:6954 -
  • (MISC) https://access.redhat.com/errata/RHSA-2022:7313 -
Summary A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. A vulnerability was found in the search-api container when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

07 Sep 2022, 18:45

Type Values Removed Values Added
CWE CWE-89
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2101669 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2101669 - Issue Tracking, Vendor Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2022-2238 - (MISC) https://access.redhat.com/security/cve/CVE-2022-2238 - Vendor Advisory
First Time Redhat
Redhat advanced Cluster Management For Kubernetes
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*

01 Sep 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-09-01 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-2238

Mitre link : CVE-2022-2238

CVE.ORG link : CVE-2022-2238

JSON object : View

Products Affected

redhat

  • advanced_cluster_management_for_kubernetes
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')