CVE Vulnerability

CVE-2022-2238

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2101669 Issue Tracking Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-2238 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*
Information

Published : 2022-09-01 09:15

Updated : 2023-02-12 10:15

NVD link : CVE-2022-2238

Mitre link : CVE-2022-2238

Products Affected

Advanced Cluster Management For Kubernetes

Redhat

CWE
CWE-400

CWE-89