CVE-2022-1902

Sažetak

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

Reference

https://access.redhat.com/security/cve/CVE-2022-1902
https://github.com/stackrox/stackrox/pull/1803
https://bugzilla.redhat.com/show_bug.cgi?id=2090957

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

12-02-2023 - 22:15

Objavljeno

01-09-2022 - 21:15