CVE Vulnerability

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/security/cve/CVE-2022-1902 Vendor Advisory
https://github.com/stackrox/stackrox/pull/1803 Exploit Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2090957 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:advanced_cluster_security:3.68:*:*:*:*:kubernates:*:*
cpe:2.3:a:redhat:advanced_cluster_security:3.69:*:*:*:*:kubernates:*:*
cpe:2.3:a:redhat:advanced_cluster_security:3.70:*:*:*:*:kubernates:*:*
Information

Published : 2022-09-01 09:15

Updated : 2023-02-12 10:15

NVD link : CVE-2022-1902

Mitre link : CVE-2022-1902

Products Affected

Advanced Cluster Security

Redhat

CWE
CWE-497