Vulnerability Details CVE-2022-1902
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can be used to escalate their privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.2%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2022-1902
- cpe:2.3:a:redhat:advanced_cluster_security:3.68
- cpe:2.3:a:redhat:advanced_cluster_security:3.69
- cpe:2.3:a:redhat:advanced_cluster_security:3.70