CVE-2022-1902

Published Sep 1, 2022

Last updated 6 months ago

CVSS high 8.8

Overview

Description: A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secalert@redhat.com: CWE-497
nvd@nist.gov: CWE-668

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.68:*:*:*:*:kubernates:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51FFDA7E-C834-4B52-8217-5FC4E0AD9CA0"
          },
          {
            "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.69:*:*:*:*:kubernates:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE29924-BE2A-4238-9AE7-50C66741BCF3"
          },
          {
            "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.70:*:*:*:*:kubernates:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CB462DE-E208-41A6-BD64-934276163329"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References