CVE-2022-1902


A flaw was found in Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can be used to escalate their privileges.


Published: 2022-09-01T21:15:09.110

Last Modified: 2024-11-21T06:41:43.090

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-497
  • Type: Secondary
    CWE-668

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | redhat | advanced_cluster_security | 3.68 | Yes
Application | redhat | advanced_cluster_security | 3.69 | Yes
Application | redhat | advanced_cluster_security | 3.70 | Yes
