Описание
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Ссылки
- Vendor Advisory
- Issue TrackingVendor Advisory
- ExploitPatchThird Party Advisory
- Vendor Advisory
- Issue TrackingVendor Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
Уязвимость реализации интерфейса GraphQL API средства контроля и управления контейнерами Red Hat Advanced Cluster Security (RHACS) for Kubernetes, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации
EPSS
8.8 High
CVSS3