Описание
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-1902
- https://github.com/stackrox/stackrox/pull/1803
- https://access.redhat.com/errata/RHSA-2022:5132
- https://access.redhat.com/errata/RHSA-2022:5188
- https://access.redhat.com/errata/RHSA-2022:5189
- https://access.redhat.com/security/cve/CVE-2022-1902
- https://bugzilla.redhat.com/show_bug.cgi?id=2090957
Связанные уязвимости
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Уязвимость реализации интерфейса GraphQL API средства контроля и управления контейнерами Red Hat Advanced Cluster Security (RHACS) for Kubernetes, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации