Description
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes, in the way the backend parses a query in the search filter. This flaw allows an attacker to craft specific strings containing special characters that crash the pod, affecting system availability while it restarts.
Report
In Red Hat Advanced Cluster Management for Kubernetes (RHACM), the search-api component is protected by OpenShift OAuth, which reduces the impact of this flaw to Moderate. Access to the search-api, where queries can be submitted, requires authorization with a user or ServiceAccount token that has been granted access to the resources and managed clusters.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-grafana-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-operator-bundle-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | application-ui-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | assisted-image-service-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | cert-policy-controller-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | cluster-backup-operator-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | clusterclaims-controller-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | cluster-curator-controller-container | Fixed | RHSA-2022:7276 | 01.11.2022 |
Additional information
CVSS3: 6.5 Medium